aa8ff4d4c4505f9245ae995be2fee8f6a78b1167126e613490e1c22549bdf142

Sharing

Copy URL

Twitter E-mail

General

Target

capcut_capcutpc_invitefission_1.2.4_installer.exe
Size

2.2MB
Sample

240724-1gb1kayckl
MD5

cafd508f953e2d28acf9b49e80bf2fc6
SHA1

0c739749978ef0b6077261e511ab10e9211f2c71
SHA256

aa8ff4d4c4505f9245ae995be2fee8f6a78b1167126e613490e1c22549bdf142
SHA512

3ff026e849378691da40d406ce806c438c8a4f015217731bd132bfccdb58c4832306a3f92aa752af6d3ca71e2425f161155d767e56d23c15f0634424080caab3
SSDEEP

49152:7VhVn6EBMgmH1Cz0DqfMus8/V3sYPyD9+gqulxheyY6:7XVn6OMgmH1CS7ec7fxY6

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  capcut_capcutpc_invitefission_1.2.4_installer.exe
- Size
  
  2.2MB
- MD5
  
  cafd508f953e2d28acf9b49e80bf2fc6
- SHA1
  
  0c739749978ef0b6077261e511ab10e9211f2c71
- SHA256
  
  aa8ff4d4c4505f9245ae995be2fee8f6a78b1167126e613490e1c22549bdf142
- SHA512
  
  3ff026e849378691da40d406ce806c438c8a4f015217731bd132bfccdb58c4832306a3f92aa752af6d3ca71e2425f161155d767e56d23c15f0634424080caab3
- SSDEEP
  
  49152:7VhVn6EBMgmH1Cz0DqfMus8/V3sYPyD9+gqulxheyY6:7XVn6OMgmH1CS7ec7fxY6
Score

9^/10

discovery ransomware
- Renames multiple (566) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1
- Target
  
  $PLUGINSDIR/BgWorker.dll
- Size
  
  2KB
- MD5
  
  33ec04738007e665059cf40bc0f0c22b
- SHA1
  
  4196759a922e333d9b17bda5369f14c33cd5e3bc
- SHA256
  
  50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be
- SHA512
  
  2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef
Score

3^/10

discovery
behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral3
- Target
  
  $PLUGINSDIR/deviceregister_shared.dll
- Size
  
  226KB
- MD5
  
  8baaaeacb97679fb495e1c4f902f0a68
- SHA1
  
  29185b00e4c56ff8cc22de64c1407809d60348f1
- SHA256
  
  7c2a74c4be8d524a121e78e763c05c7b5cb58b524119ac8897c493e717a1d42a
- SHA512
  
  49f864332165c0229f0588fa1fd56fdc04bb005be1b61a9367fac5f45c32783e2e633c8acb64c3a921d41d9b79ceb3315813aa409a8f725cc7193958bf4bb8e0
- SSDEEP
  
  6144:5Nj2oPjbpV4hliZ7xsFARHtw+WY0L1TBWoBvF:6KV4hliZ7KFAb+L1TIo
Score

3^/10

discovery
behavioral4
- Target
  
  $PLUGINSDIR/downloader_nsis_plugin.dll
- Size
  
  1.2MB
- MD5
  
  14930a06cbfb26d5ffffd354fa12d5f8
- SHA1
  
  1de289bab03eaad965e419d657c3531a3738c558
- SHA256
  
  3ef7a13886328dafba1c49ec096da122e63839ac6965bf4f3d4dcce3a35ccc6d
- SHA512
  
  385268602f050c060795312c9cb86e979030a21b8cecc20303b346bbc0800a468a84a291224592d9b0e43458e579660b8062f6b9cba3b2e79aab5015d1dcc67b
- SSDEEP
  
  24576:eDe+j+n40zyob+w+LsoZttOWR7vDzAOdYKT9s6rNnb3Khz:Eei+n7zy2ULsGjOWR7vDzhdYKThNnzKN
Score

3^/10

discovery
behavioral5
- Target
  
  $PLUGINSDIR/res.zip
- Size
  
  160KB
- MD5
  
  c9eb579f9346b36d228daec5d7078b97
- SHA1
  
  03ccc0da5e8d2f91497821045951889e019aaaf2
- SHA256
  
  cb4a1ea525ae60f66bbdc24819bd9fffda9a1040492a0d639326622190470e50
- SHA512
  
  4bf05141e032809edb531e132928e09922329e89d4ea895d2f94c1845277dea7c5bb025b1ed6c56bd727f1c387698a859bf5bf329a13f60e627f7837948d29bc
- SSDEEP
  
  3072:WlbNMh58abnJ6taLk0gLP5mAueGiXNMEQyKwt:bz/d6t+aLP5mA5G+N/Jtt
Score

1^/10
behavioral6
- Target
  
  app_warning_icon.png
- Size
  
  10KB
- MD5
  
  ff33518be442da6232709553157e2418
- SHA1
  
  a68eeced8fa5a2ab918e9d4c575ff09839624efb
- SHA256
  
  2c8cdbdfa2a99200718901ed35bb56ea90f8fed9934aecd640d9507b677f7025
- SHA512
  
  02858ae7e65c33c21952e65eef49d74c4c4398e7b9a04eb9c7b50ad0fa24d3025f377ffadfc2e9b9e07d112efd3468bdce4f71a146608287827a65f2e057f83e
- SSDEEP
  
  192:vDbpB1zqKLGqqeSaU18Ft/TCpZu2cphDjlVq4kw9oTrRpa1s:npB1ztG3D18FtLkDmhDxVahpss
Score

3^/10
behavioral7
- Target
  
  banner_bk.jpg
- Size
  
  83KB
- MD5
  
  245b96c88020b408e92a4f3ff77d9ac7
- SHA1
  
  eb04cd6411ac4fa24dd4248004e9521186206a9b
- SHA256
  
  c4b98d49afd4beab5b0f549cb9674f61e2156d273626f17e8d84129c127684f5
- SHA512
  
  fd2f09c8a02d43d8ce8ca53959804cd3265d426cad6a40d3fad6cd7423c952f62ccfb1e46832af3dc66070c008c7812caa3bb9d2702dd55ab77da785cab05c79
- SSDEEP
  
  1536:9uUUgVClmd0qp3Atu7wnmGrmMFcjYe9QK+uRNTFzTxBNeCBoygO:U8VCozwnmGrmvO+tpjeCfP
Score

3^/10
behavioral8
- Target
  
  btn_dark_1_disable.png
- Size
  
  495B
- MD5
  
  653d579d6668c1431cac857b7efe5034
- SHA1
  
  0a606960becc6b7b40f97b34bf4bcb46f679cd45
- SHA256
  
  1214f419b0f821daa6ee796b284662c25002f579d3045b50e82ab8a531925cf0
- SHA512
  
  487b869f9933991c026708e8b47ca34bc268d2f0680a52dab50d99b39d62d669409d999274b3c193b0076a4e03d86b7843efe3ced41fb8a9fdc986c75032917e
Score

3^/10
behavioral9
- Target
  
  btn_dark_1_hover.png
- Size
  
  500B
- MD5
  
  e2d1d028a247d172652fa902395da9a1
- SHA1
  
  80098c9e5ff0e2d53cdd07a132564dc6b9bfe786
- SHA256
  
  361ca657c498b9762869f0561fb0e8346c1d7d511fa8351b704c2b6b67e8017d
- SHA512
  
  5abb58988d1b5072dee85878ba28bd75e2e2a59dc617fbf1fa9e6ca0c96695ff15aed275d6c5653f3e6a594f69d77ca73a5d0ab8488a67dacc7ed44fa32db0b7
Score

3^/10
behavioral10
- Target
  
  btn_dark_1_normal.png
- Size
  
  465B
- MD5
  
  0a6953548ea99f1f3c609f371680de1e
- SHA1
  
  a43039665aa11953064c67535c6c0730e0d42715
- SHA256
  
  f7d278ca8bd08b29bd93c95cdc0232b23ba5bdce09ddc9ccf77a4570c5efc0b7
- SHA512
  
  27daee094b0c04d1967243881cf91128107735f7b378b3dc848eaf4ba7a3c658c7d95eb9f826514f47c82fea0f6a69a8af3a75f9887e009c03dc692e657993fb
Score

3^/10
behavioral11
- Target
  
  btn_dark_1_pushed.png
- Size
  
  455B
- MD5
  
  e9d2c7a7ae25969a0e166d51c921660d
- SHA1
  
  4387b00f8c545a1b25156ddec6c98b3400e379dd
- SHA256
  
  835474b1387b98bd5837668661396fc7cfaa7c934d3422c923ebe9553e5d9552
- SHA512
  
  18da16fa24ce72f66331605e6f7938727373c06b8b97c1ef9789cdd5d4e3178623130a1fa01464211e9db33913c518a2aa1de0ee1eb8f09ab55f4e3082359efe
Score

3^/10
behavioral12
- Target
  
  btn_dir_disable.png
- Size
  
  634B
- MD5
  
  71e683c7fca17d19e59d536056cea81d
- SHA1
  
  80196242b17fe96af99d4663b1bbb912b617fe26
- SHA256
  
  551e25a738681d1365e8853bea823ebb8bdfea8547e5843bf076173be4151689
- SHA512
  
  e63f3f5ba9453687c7c07e2bf9c63974dbac1d916fa3a21f3882e12b60dcb361cb43ba00e9e390e8214347c5e9795021cb1612b7843ab0b18c5239ee865a1fc3
Score

3^/10
behavioral13
- Target
  
  btn_dir_hover.png
- Size
  
  1KB
- MD5
  
  f1446398846b2f7c7779b3a4e34c930a
- SHA1
  
  2adf38f8a439f1e3ee666df91b20a0836e69a265
- SHA256
  
  cf1abbf3c06ef18818272eeae0bf5197e9982385c0633a03e06caef2eea479cd
- SHA512
  
  48e9f62011e6a780c267882613c3c3dedfed0340ac8fedf225d99772d62a8212e1da3d13edc182b924e36fec1f3bd9eab6a42a3360d85320fb38050a3a852534
Score

3^/10
behavioral14
- Target
  
  btn_dir_normal.png
- Size
  
  599B
- MD5
  
  69c49053991a8044a2a3e9330d56f650
- SHA1
  
  e52b4c21b2616a23f4c534b52923fc8eddfca25a
- SHA256
  
  c3d4853cf097def877b54bd9f66ec2beff88d5210306959570e85c0a6b8e1eef
- SHA512
  
  66aba66ab169df7da16cf0a52bbb5fc8562ec04487cec6e2cb25892eb25be76d82f29ec17e6cc92640667f74c433d691b5ea83fb86385998baa44b5461b03643
Score

3^/10
behavioral15
- Target
  
  btn_dir_pushed.png
- Size
  
  577B
- MD5
  
  34e768fe73d27f826589add661153ede
- SHA1
  
  7d7d015b2f428e7bb77ce511b23d27567e086483
- SHA256
  
  8e3cd0fff2a8dc5697b513b3164ff7dcffa30cc7deec7b104e29cede1ab71b0b
- SHA512
  
  80db2b26f4a1af423ea9f16bba4d861cfac428e2f8a4b7772101c0e012c1447027b9057876c8bf2b2a74bb6dc3fa91893bbdf1fee559694af8815f4996bd8edb
Score

3^/10
behavioral16
- Target
  
  btn_light_1_disable.png
- Size
  
  492B
- MD5
  
  8fb53c31caed1d4e2e7aaa2151c3b545
- SHA1
  
  f6282720b7c40ddf21428c706c4e012ccac1cc33
- SHA256
  
  ee1904409587a1e75faf9bfec6f6d2ce5413edec9116733835879d8b5d990197
- SHA512
  
  0c03a189facfe2b44538c5675be53818164d4c2355dbb56cae63f6bfe30e35a19b443213485b3e6643cb3a6732eb5dac89dc899c4ca3d1221d939054aea6541c
Score

3^/10
behavioral17
- Target
  
  btn_light_1_hover.png
- Size
  
  494B
- MD5
  
  6a0d444589145f8369df4a3986b005b1
- SHA1
  
  08abb60fe030dee3f7c68dc9f7b3bf0d02052982
- SHA256
  
  6abdcc2804ae674ad4ba11ec8b353c13cdc9b263198ca9d2e37198e99e9e4df8
- SHA512
  
  8881d0a4282be3638b11b5585c033930f0a3500f8d6d48f4d77d26c4a4a9f368f44b32d90b44c3fd2d7645e92fe032d5f178ce87428bfd955636e3fbe206abd2
Score

3^/10
behavioral18
- Target
  
  btn_light_1_normal.png
- Size
  
  455B
- MD5
  
  2463b4627fccb75b784b16740842265c
- SHA1
  
  3cb1dc87af18dd1e4566c3acdc75e9fb632f1fbd
- SHA256
  
  9e3c300ac8025bc8e49a45edc9f95150b3314d10cca24c1718a03cbef05a98a9
- SHA512
  
  0ede99912c38d5c1a3be9fa781bf1594b68d8138af7fa0a8e328a3ee05c6469da70f0cd662b225071f145e039efa8d43fbd2624d99fe3f7fa37ab9b519e9bbca
Score

3^/10
behavioral19
- Target
  
  btn_light_1_pushed.png
- Size
  
  480B
- MD5
  
  d34456d7c6232b5a55612103753d7cb4
- SHA1
  
  a020274309531263c05b6d1c878caed685056cbc
- SHA256
  
  947b5c313ab55727f70d239f84abeb709eb499d88ad16321262ba1c6b3ae4137
- SHA512
  
  cdf387f6d6ad23a6948948c58e957e8536de21197abd9d09643ed921cde793dd219c1c0607b4e7df2b4304e76c131bb33beedf20c19836b909fdafd835eefe5d
Score

3^/10
behavioral20
- Target
  
  ckb_1_off.png
- Size
  
  358B
- MD5
  
  84b46a95105a6a95e2dacef203d85fc3
- SHA1
  
  48d6cf9b3652053ba7fbe22d583fe2435aa6d2e4
- SHA256
  
  2e236142770e22021e524eb896769204f818323c615c603ba21aaf5af7f6b8e5
- SHA512
  
  e739ce286cf1ea03f3411f5d521d5981bd184de9dfd6d0952613f2fce66e275215e580ff9f3bae081fe0cb974b6b6d7f2554320794ab079b56f7482433d36a61
Score

3^/10
behavioral21
- Target
  
  ckb_1_on.png
- Size
  
  530B
- MD5
  
  f453a9815a8b55c16ca681e5b22b44e6
- SHA1
  
  e3af308e5cdf81b623d108256df2c989be60fd53
- SHA256
  
  3f910460f804ff3050d0960c2e362325c93c619d0a0f6b0225df187c96b6b104
- SHA512
  
  87828b12d7984504c623bd6989f9fd54659540a16eb0f9c90cf91123439e397545c72ea35dae93a19976f54452e9fdb1075d9f33c37980339ff75539f95c22d8
Score

3^/10
behavioral22
- Target
  
  i18n.json
- Size
  
  1KB
- MD5
  
  55a3039856b3ca7866c9e2ff124ca303
- SHA1
  
  ec4916c38e529fb4c08e0931fbecad254ad48c6a
- SHA256
  
  66ae3c15f90cdf9f7b55b56b189e56f8d197c61f015ca75673966451f4331413
- SHA512
  
  2fb0260daed8a3d95d902b263b573fd23c4f22f6fe3bb74e44598dfa6f4342a8b941265672c01e3650e858c298fac367341475c1d9dc6da0af11de0c3fc5c430
Score

3^/10
behavioral23
- Target
  
  ic_close.png
- Size
  
  348B
- MD5
  
  40d5c6af25ca8309d039a202e9065ac5
- SHA1
  
  ed48b1b183765714d088944d2369b0fc78bbcec3
- SHA256
  
  ee03a30ce87aecdad032b654c877a9d87effa8951444df6de4148c8d2422b3bf
- SHA512
  
  48602e4e81a4612996dbf462d7b89fa924446075b563e56c0a33e54b92b9f0e58f1922e68db9d3bab3bae17aa2dd813967b9a377d2decf24565f274abccb67fc
Score

3^/10
behavioral24
- Target
  
  ic_close_disabled.png
- Size
  
  348B
- MD5
  
  40d5c6af25ca8309d039a202e9065ac5
- SHA1
  
  ed48b1b183765714d088944d2369b0fc78bbcec3
- SHA256
  
  ee03a30ce87aecdad032b654c877a9d87effa8951444df6de4148c8d2422b3bf
- SHA512
  
  48602e4e81a4612996dbf462d7b89fa924446075b563e56c0a33e54b92b9f0e58f1922e68db9d3bab3bae17aa2dd813967b9a377d2decf24565f274abccb67fc
Score

3^/10
behavioral25
- Target
  
  ic_close_hover.png
- Size
  
  348B
- MD5
  
  40d5c6af25ca8309d039a202e9065ac5
- SHA1
  
  ed48b1b183765714d088944d2369b0fc78bbcec3
- SHA256
  
  ee03a30ce87aecdad032b654c877a9d87effa8951444df6de4148c8d2422b3bf
- SHA512
  
  48602e4e81a4612996dbf462d7b89fa924446075b563e56c0a33e54b92b9f0e58f1922e68db9d3bab3bae17aa2dd813967b9a377d2decf24565f274abccb67fc
Score

3^/10
behavioral26
- Target
  
  ic_close_pushed.png
- Size
  
  348B
- MD5
  
  40d5c6af25ca8309d039a202e9065ac5
- SHA1
  
  ed48b1b183765714d088944d2369b0fc78bbcec3
- SHA256
  
  ee03a30ce87aecdad032b654c877a9d87effa8951444df6de4148c8d2422b3bf
- SHA512
  
  48602e4e81a4612996dbf462d7b89fa924446075b563e56c0a33e54b92b9f0e58f1922e68db9d3bab3bae17aa2dd813967b9a377d2decf24565f274abccb67fc
Score

3^/10
behavioral27
- Target
  
  ic_min.png
- Size
  
  154B
- MD5
  
  37b7b5e0b75f303ec45d8db2ea24da92
- SHA1
  
  630047dd3894c19a6eaaeed56d7f617169e815fb
- SHA256
  
  d3821e105c8c4acda4129f831d246114cf21983b4ca46f25c64011760abe99c3
- SHA512
  
  48a3eb41027a53a6b9d0ab0aa23fc19d705c1829ae14ebc7174f5e78732f2b2340ee1f0f48ce94676c393ae47192914ec2cdcbe0a564715f483578ae9451c262
Score

3^/10
behavioral28
- Target
  
  ic_min_disabled.png
- Size
  
  154B
- MD5
  
  37b7b5e0b75f303ec45d8db2ea24da92
- SHA1
  
  630047dd3894c19a6eaaeed56d7f617169e815fb
- SHA256
  
  d3821e105c8c4acda4129f831d246114cf21983b4ca46f25c64011760abe99c3
- SHA512
  
  48a3eb41027a53a6b9d0ab0aa23fc19d705c1829ae14ebc7174f5e78732f2b2340ee1f0f48ce94676c393ae47192914ec2cdcbe0a564715f483578ae9451c262
Score

3^/10
behavioral29
- Target
  
  ic_min_hover.png
- Size
  
  154B
- MD5
  
  37b7b5e0b75f303ec45d8db2ea24da92
- SHA1
  
  630047dd3894c19a6eaaeed56d7f617169e815fb
- SHA256
  
  d3821e105c8c4acda4129f831d246114cf21983b4ca46f25c64011760abe99c3
- SHA512
  
  48a3eb41027a53a6b9d0ab0aa23fc19d705c1829ae14ebc7174f5e78732f2b2340ee1f0f48ce94676c393ae47192914ec2cdcbe0a564715f483578ae9451c262
Score

3^/10
behavioral30
- Target
  
  ic_min_pushed.png
- Size
  
  154B
- MD5
  
  37b7b5e0b75f303ec45d8db2ea24da92
- SHA1
  
  630047dd3894c19a6eaaeed56d7f617169e815fb
- SHA256
  
  d3821e105c8c4acda4129f831d246114cf21983b4ca46f25c64011760abe99c3
- SHA512
  
  48a3eb41027a53a6b9d0ab0aa23fc19d705c1829ae14ebc7174f5e78732f2b2340ee1f0f48ce94676c393ae47192914ec2cdcbe0a564715f483578ae9451c262
Score

3^/10
behavioral31
- Target
  
  $PLUGINSDIR/shell_downloader.dll
- Size
  
  2.2MB
- MD5
  
  30c4aa9356d60d2039ed6bfb7850c4c1
- SHA1
  
  ef23c32dab6ed871527151932bbfe8b917d507af
- SHA256
  
  0c4abb66d9a69c80cfaa0eb3c988d4dc40d989843a87e95ed3cc6e75dae31559
- SHA512
  
  f425c9fcefd2ed55160d173b8e441f7867307fd006b0f01a655120ba150d87568ddc6266d36163267ce508df8147a97c16982093808c766051ca1e02ba9cc62b
- SSDEEP
  
  49152:6oiR6tzluS2KbICD13Nw2FiBLROWnhJV:6oiR+zDhbB19w+i1ROW
Score

3^/10

discovery
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Renames multiple (566) files with added filename extension

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32