Overview

overview

10

Static

static

3

capcut_cap...er.exe

windows10-1703-x64

10

capcut_cap...er.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    capcut_capcutpc_invitefission_1.2.4_installer.exe

  • Size

    2.2MB

  • Sample

    240713-mylpfazekc

  • MD5

    cafd508f953e2d28acf9b49e80bf2fc6

  • SHA1

    0c739749978ef0b6077261e511ab10e9211f2c71

  • SHA256

    aa8ff4d4c4505f9245ae995be2fee8f6a78b1167126e613490e1c22549bdf142

  • SHA512

    3ff026e849378691da40d406ce806c438c8a4f015217731bd132bfccdb58c4832306a3f92aa752af6d3ca71e2425f161155d767e56d23c15f0634424080caab3

  • SSDEEP

    49152:7VhVn6EBMgmH1Cz0DqfMus8/V3sYPyD9+gqulxheyY6:7XVn6OMgmH1CS7ec7fxY6

Score
10/10
googlediscoveryphishingransomware

Malware Config

Targets

    • Target

      capcut_capcutpc_invitefission_1.2.4_installer.exe

    • Size

      2.2MB

    • MD5

      cafd508f953e2d28acf9b49e80bf2fc6

    • SHA1

      0c739749978ef0b6077261e511ab10e9211f2c71

    • SHA256

      aa8ff4d4c4505f9245ae995be2fee8f6a78b1167126e613490e1c22549bdf142

    • SHA512

      3ff026e849378691da40d406ce806c438c8a4f015217731bd132bfccdb58c4832306a3f92aa752af6d3ca71e2425f161155d767e56d23c15f0634424080caab3

    • SSDEEP

      49152:7VhVn6EBMgmH1Cz0DqfMus8/V3sYPyD9+gqulxheyY6:7XVn6OMgmH1CS7ec7fxY6

    Score
    10/10
    googlediscoveryphishingransomware

    • Detected google phishing page

      phishinggoogle

    • Renames multiple (517) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks