5aa1234eb23bef8628cdc9189879d629b418cd1d176c99c024a15c3bfe5e413a

Sharing

Copy URL Twitter E-mail

General

Target

bdcamsetup (1).exe
Size

31.5MB
Sample

240720-3w9aqashqq
MD5

cbb2dc1b64c5a21da53d79f0ad2e1bdb
SHA1

b2e411fcbccedef4d3a64133aff5d5502291b24f
SHA256

5aa1234eb23bef8628cdc9189879d629b418cd1d176c99c024a15c3bfe5e413a
SHA512

73391f29a027f1184d2ed673667b86bd96eaf97df94e4fc13c03ec8913c9ff36f3a549b7a4f79f67755cdd8f61fe906e61de1559dd884f2623add72413b4841c
SSDEEP

786432:fmDBQyG/qdx5SFTFI/Xoa74EJCvBLRUH0PYNr/h4vW:+D0qd/SFTFIcGyIpr/v

Score

5^/10

Malware Config

Targets

- Target
  
  bdcamsetup (1).exe
- Size
  
  31.5MB
- MD5
  
  cbb2dc1b64c5a21da53d79f0ad2e1bdb
- SHA1
  
  b2e411fcbccedef4d3a64133aff5d5502291b24f
- SHA256
  
  5aa1234eb23bef8628cdc9189879d629b418cd1d176c99c024a15c3bfe5e413a
- SHA512
  
  73391f29a027f1184d2ed673667b86bd96eaf97df94e4fc13c03ec8913c9ff36f3a549b7a4f79f67755cdd8f61fe906e61de1559dd884f2623add72413b4841c
- SSDEEP
  
  786432:fmDBQyG/qdx5SFTFI/Xoa74EJCvBLRUH0PYNr/h4vW:+D0qd/SFTFIcGyIpr/v
Score

5^/10

discovery persistence privilege_escalation
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  720304c57dcfa17751ed455b3bb9c10a
- SHA1
  
  59a1c3a746de10b8875229ff29006f1fd36b1e41
- SHA256
  
  6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9
- SHA512
  
  c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04
- SSDEEP
  
  384:E1C43tPegZ3eBaRwCPOYY7nNYXC0A/Yosa:E8TgZ3eBTCmrnNAf
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/ShellExecAsUser.dll
- Size
  
  43KB
- MD5
  
  552cba3c6c9987e01be178e1ee22d36b
- SHA1
  
  4c0ab0127453b0b53aeb27e407859bccb229ea1b
- SHA256
  
  1f17e4d5ffe7b2c9a396ee9932ac5198f0c050241e5f9ccd3a56e576613d8a29
- SHA512
  
  9bcf47b62ca8ffa578751008cae523d279cdb1699fd916754491899c31ace99f18007ed0e2cbe9902abf132d516259b5fb283379d2fead37c76b19e2e835e95a
- SSDEEP
  
  768:SA49ATJ9ONLkh9J5lDYDzG8yVAf7hiJFkkAqnTEDlV4vihdk:SA4CJ9OFpXf0AfNiTkIMrhdk
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  17ed1c86bd67e78ade4712be48a7d2bd
- SHA1
  
  1cc9fe86d6d6030b4dae45ecddce5907991c01a0
- SHA256
  
  bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
- SHA512
  
  0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5
- SSDEEP
  
  192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+
Score

3^/10
behavioral7 behavioral8
- Target
  
  $SYSDIR/D3DCompiler_47.dll
- Size
  
  3.5MB
- MD5
  
  7375633014ca3bcabf6d337abe399afc
- SHA1
  
  bbaf4aa50ffc0d2bd363d5debe56d41121a1fec2
- SHA256
  
  80b8f0435b379b18bbfd91f9e62e3797b3e9bf07d77bb8e5201a74f590cba37a
- SHA512
  
  d81bfffb7b031f48e08ddf9d3f4862851ed87ce50d149c63eb74fa68d92e336c1da66a5bcceb55f22211c877441570111439d7383597ad6a2cecdbd5b7502990
- SSDEEP
  
  49152:VtdNhilBx6wvXmPwJTtLgvUACN5m5fsRu9qLHyPQiC7:VTNUlBUwv5hdAGQfsRu2uk
Score

3^/10
behavioral9
- Target
  
  $SYSDIR/msvcp110.dll
- Size
  
  522KB
- MD5
  
  3e29914113ec4b968ba5eb1f6d194a0a
- SHA1
  
  557b67e372e85eb39989cb53cffd3ef1adabb9fe
- SHA256
  
  c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a
- SHA512
  
  75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43
- SSDEEP
  
  12288:FqULIc5nb9rywgfyhUgiW6QR7t5sA3Ooc8sHkC2eRxUH:PLHnhryLfBA3Ooc8sHkC2eRxUH
Score

3^/10
behavioral10 behavioral11
- Target
  
  $SYSDIR/msvcr110.dll
- Size
  
  854KB
- MD5
  
  4ba25d2cbe1587a841dcfb8c8c4a6ea6
- SHA1
  
  52693d4b5e0b55a929099b680348c3932f2c3c62
- SHA256
  
  b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
- SHA512
  
  82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6
- SSDEEP
  
  12288:TmCyHcMpK7QdgD+9Tr8r3FmJciMgLFWkA8qTWu+FVlofpJCjNdr12iqwZeq:TmCyHNIQdTryVmCipIkqTWu+Fr
Score

3^/10
behavioral12 behavioral13
- Target
  
  $SYSDIR/vcomp140.dll
- Size
  
  178KB
- MD5
  
  1cd23a0f3daf4210f86ba8eb60b2612b
- SHA1
  
  979ab8d98d27fc0c8810822d80a4f1361657f21d
- SHA256
  
  dbc67dd65ef7d68bde9147c6244e7aaa8cb275ed6d0ef60301c7e4fbb95a5a42
- SHA512
  
  90941648d2cebf4bcd65e54c503a2ced7362fe2b5afa6772b0ecc8ca945d2e43ea14e90a17e64f3eab8ef76ecbb0ea3cc801dbcfeaa8a90ab8b1fe2e081c17c6
- SSDEEP
  
  3072:KDGRbh7RozAcuolrdTl2E72uRcQnFCt+DVFf/w62dQ:HoTuIT73CG/SQ
Score

3^/10
behavioral14 behavioral15
- Target
  
  $TEMP/BDMPEG1SETUP.EXE
- Size
  
  1.4MB
- MD5
  
  461d135a4fccd51bbae38f742e123fd3
- SHA1
  
  c12a442fbcd4a9c44102f0a560ba03d59bc501ed
- SHA256
  
  4c441e7d744a2a273f780103bcf5bcb1e32c2d9c6a32b62f9044b32107544079
- SHA512
  
  41eb816bf0cc0ca12b5c6c07517cd718b8701255ea81e94ffc937f2538b8cdf5db24751cdbc22fefd6496b767fc0d631fea76216b0363f4b625557097b3caaee
- SSDEEP
  
  24576:KmJpkgDvk80bh06JsAD8JLPHXcovQjy1jR8Qlq7m5xHlwP4mWunSCiwpFHNi:KUM80bO6JsA+jnb9iZK5plDjCTpFU
Score

4^/10
behavioral16 behavioral17
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  67d8f4d5acdb722e9cb7a99570b3ded1
- SHA1
  
  f4a729ba77332325ea4dbdeea98b579f501fd26f
- SHA256
  
  fa8de036b1d9bb06be383a82041966c73473fc8382d041fb5c1758f991afeae7
- SHA512
  
  03999cc26a76b0de6f7e4e8a45137ee4d9c250366ac5a458110f00f7962158311eea5f22d3ee4f32f85aa6969eb143bdb8f03ca989568764ed2bc488c89b4b7f
- SSDEEP
  
  192:CsIZHdT9uwYX94kYd2iCzHR+yK7imphLAykycpKPd5m78ozxGUWumle:CsUHd9GN2d2iwl0impATIPdA78Ov6
Score

3^/10
behavioral18 behavioral19
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  959ea64598b9a3e494c00e8fa793be7e
- SHA1
  
  40f284a3b92c2f04b1038def79579d4b3d066ee0
- SHA256
  
  03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
- SHA512
  
  5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
- SSDEEP
  
  192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe
Score

3^/10
behavioral20 behavioral21
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  d16e06c5de8fb8213a0464568ed9852f
- SHA1
  
  d063690dc0d2c824f714acb5c4bcede3aa193f03
- SHA256
  
  728472ba312ae8af7f30d758ab473e0772477a68fcd1d2d547dafe6d8800d531
- SHA512
  
  60502bb65d91a1a895f38bd0f070738152af58ffa4ac80bac3954aa8aad9fda9666e773988cbd00ce4741d2454bf5f2e0474ce8ea18cfe863ec4c36d09d1e27a
Score

3^/10
behavioral22 behavioral23
- Target
  
  $SYSDIR/bdmjpeg.dll
- Size
  
  69KB
- MD5
  
  69bc2386dfa5e79bcdd1079b59cca1c4
- SHA1
  
  9a3c030025538ebb1e41c110eb1aea60d888351c
- SHA256
  
  5e81801c3fe84b58dea91c664d4036922c50378207d4ab2853ed59309c03b6f6
- SHA512
  
  f4bf717ef00f6a14b6560aeb8b1efc1e1455eeebf20c2d7745520c5993659793cf09d3d4357388783adf643676fdfe6066c593f62705a9066541d203b6a68a52
- SSDEEP
  
  1536:0pt++CjgDoSOGL7Yx9FiPmeRmpOV+yV+x2W:0f2UDodEPmeRmpOV+yV+x2W
Score

1^/10
behavioral24 behavioral25
- Target
  
  $SYSDIR/bdmjpeg64.dll
- Size
  
  73KB
- MD5
  
  531f17189c60ed61bde4dcc82cc66b59
- SHA1
  
  77cf2141da3a67f51a8a02376ca9d4481f3e4614
- SHA256
  
  4d4551ae19a5aa41fd235a73a9a3bbdda68560968c33f14549fe1ad49de1ded0
- SHA512
  
  b552e8b6e84cf8df6f01b3aba48794fa30fd239cf6f43c658319f38c8a19de555f1204ef1041e57c8ca8318d2ea7c627b3f0ff384fe5768ed4e2212099b22cf1
- SSDEEP
  
  1536:wJQoyIo3+9mAORBlOQZXAkMLakTwritg/49V+DV+62t:FoyI4om/R/CkwakMritg/wV+DV+62t
Score

1^/10
behavioral26 behavioral27
- Target
  
  $SYSDIR/bdmpega.acm
- Size
  
  69KB
- MD5
  
  9b3c54a9c49ca00f5a9da7c7f84a57f9
- SHA1
  
  3fb1409da3e1f87eb4fd35cbd92549f3962f5304
- SHA256
  
  940cfe50336b7865787ee94a7292aa9e38f4ec8714ae06e2969b76b473834cc2
- SHA512
  
  48c7a129ae02a4ea4f2ebb4b8e28b8eaccfcfb37a5fd9b51aec868b45d630e585bd73018225dbbdb1a6fa66382db0420f8f9f8e88efa5149b20f2c5ae1407552
- SSDEEP
  
  1536:WSnI0PYUuguZ707dBDUtatRc3AV+jV+m2P:WkI6h7BDUtatRcQV+jV+m2P
Score

1^/10
behavioral28 behavioral29
- Target
  
  $SYSDIR/bdmpega64.acm
- Size
  
  74KB
- MD5
  
  2f42956d6772a840d47c92c48004c946
- SHA1
  
  a51670ba15ddb1f53bb2c0ad4364a330287c627b
- SHA256
  
  6b3a8585421d68d70f935bc5a656bf5edc6117ebb95f98ef710a4adff5281d1d
- SHA512
  
  4198a8b942fe561d64f7358d26ec67319c8137ba78609066a094ac63f6da56e2bbee38c8dab04757a8a0a956615dfda0d259763a9e2288351a0c39eef28eb93a
- SSDEEP
  
  1536:C2WopVs/uBbcwOTlZTd7wOtO7FxrjaAvvE6V+AaV+0q28:5WopC+bly7fO7FxrjaAvnV+tV+Z28
Score

1^/10
behavioral30 behavioral31
- Target
  
  $SYSDIR/bdmpegv.dll
- Size
  
  69KB
- MD5
  
  90476773f98f4ae0a3cb013f4d21650b
- SHA1
  
  1fad203382e8479be70da44f1ff16b50d12f9e69
- SHA256
  
  ecc73f635ef7f9c165d693acee9250f763caa7e7b6b7795c32823f2e9fd739d9
- SHA512
  
  efeb534a53beea8d7930f230095c57cc4d2a3a501ad356c87c5015d175861dec7fff9584741eb77c70c4ced739754c6097e3f499f061bb13382a9ffc2d6d4e12
- SSDEEP
  
  1536:zQmp+kyjgKeemXkIh9FixwKaRokOV+AwV+D2xn:E0EUulxwKaRokOV+5V+D2xn
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops file in System32 directory

Event Triggered Execution: Component Object Model Hijacking

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32