General

  • Target

    DroidCam.Setup.6.5.2.exe

  • Size

    15.6MB

  • Sample

    240801-zspv5awenp

  • MD5

    d952d907646a522caf6ec5d00d114ce1

  • SHA1

    75ad9bacb60ded431058a50a220e22a35e3d03f7

  • SHA256

    f92ad1e92780a039397fd62d04affe97f1a65d04e7a41c9b5da6dd3fd265967e

  • SHA512

    3bfaee91d161de09c66ef7a85ad402f180624293cdc13d048edbeec5a3c4ad2bc84d5fde92383feb9b9f2d83e40a3e9ff27e81a32e605513611b6001f284b9fe

  • SSDEEP

    393216:oZsfK4YUD12zS7SEOegn4j7BgNE9O+wcDGFdClu8ZLzzpC4:gsfKPUD1kS7249O3cDGvClnlC4

Targets

    • Target

      DroidCam.Setup.6.5.2.exe

    • Legitimate hosting services abused for malware hosting/C2

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

    • Network Service Discovery

      Attempts to gather information on the host's network.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c9473cb90d79a374b2ba6040ca16e45c

    • SHA1

      ab95b54f12796dce57210d65f05124a6ed81234a

    • SHA256

      b80a5cba69d1853ed5979b0ca0352437bf368a5cfb86cb4528edadd410e11352

    • SHA512

      eafe7d5894622bc21f663bca4dd594392ee0f5b29270b6b56b0187093d6a3a103545464ff6398ad32d2cf15dab79b1f133218ba9ba337ddc01330b5ada804d7b

    • SSDEEP

      192:cPtkumJX7zBE2kGwfy9S9VkPsFQ1MZ1c:N7O2k5q9wA1MZa

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      12465ce89d3853918ed3476d70223226

    • SHA1

      4c9f4b8b77a254c2aeace08c78c1cffbb791640d

    • SHA256

      5157fe688cca27d348171bd5a8b117de348c0844ca5cb82bc68cbd7d873a3fdc

    • SHA512

      20495270bcd0cae3102ffae0a3e783fad5f0218a5e844c767b07a10d2cfab2fab0afb5e07befa531ba466393a3d6255741f89c6def21ec2887234f49adceea2f

    • SSDEEP

      96:oOYqZ4zC5RH3cXX1LlYlRowycxM2DjDf3GEst+Nt+jvDYx4L7qndYHnxss:oOYq+CP3uKrpyREs06YxA2dGn

    Score
    3/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      0a6f707fa22c3f3e5d1abb54b0894ad6

    • SHA1

      610cb2c3623199d0d7461fc775297e23cef88c4e

    • SHA256

      370e47364561fa501b1300b056fb53fae12b1639fdf5f113275bee03546081c0

    • SHA512

      af0c8ca0c892f1b757fbd700061f3d81417dff11d89bdff45e977de81ad51c97862406cf7e230e76cf99497f93f57bf09609740953cd81b0d795465ac2623ea8

    • SSDEEP

      96:e97GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgN0u3e:eBXhHR0aTQN4gRHdMqJVgN0N

    Score
    3/10
    • Target

      DroidCamApp.exe

    • Size

      942KB

    • MD5

      f8c12fc1b20887fdb70c7f02f0d7bfb3

    • SHA1

      28d18fd281e17c919f81eda3a2f0d8765f57049f

    • SHA256

      082f5c3fd2fd80505cbd4dbdbb7c50e83c2e81f033a04ea53832dbf0a3fc4933

    • SHA512

      97c5d158abb119e076ace4b1398de19029b5d44566d9a293811bf7edbb0db120354cc396aed72bf62766799dc5db266d4b2ee7aee3ffc2818d8be77a4665ad2f

    • SSDEEP

      24576:D/dq/HzoLl++FWslfFazAbeJGOvSCspptIA:D/dq/HzoLlFzLbtCaIA

    Score
    3/10
    • Target

      adb/AdbWinApi.dll

    • Size

      95KB

    • MD5

      ed5a809dc0024d83cbab4fb9933d598d

    • SHA1

      0bc5a82327f8641d9287101e4cc7041af20bad57

    • SHA256

      d60103a5e99bc9888f786ee916f5d6e45493c3247972cb053833803de7e95cf9

    • SHA512

      1fdb74ee5912fbdd2c0cba501e998349fecfbef5f4f743c7978c38996aa7e1f38e8ac750f2dc8f84b8094de3dd6fa3f983a29f290b3fa2cdbdaed691748baf17

    • SSDEEP

      1536:Jwqdq+3pvspmLh8SCykrpTG7kfGHuNezq02XJqo+iFi1yCP:JwqD3L8Tezq0et+ui1y

    Score
    3/10
    • Target

      adb/AdbWinUsbApi.dll

    • Size

      61KB

    • MD5

      0e24119daf1909e398fa1850b6112077

    • SHA1

      293eedadb3172e756a421790d551e407457e0a8c

    • SHA256

      25207c506d29c4e8dceb61b4bd50e8669ba26012988a43fbf26a890b1e60fc97

    • SHA512

      9cbb26e555ab40b019a446337db58770b9a0c9c08316ff1e1909c4b6d99c00bd33522d05890870a91b4b581e20c7dce87488ab0d22fc3c4bbdd7e9b38f164b43

    • SSDEEP

      1536:l72doFmOiHizFbPlspcsbj5ZsP+YeTs1p:lSSfN9+YeTs1p

    Score
    3/10
    • Target

      adb/adb.exe

    • Size

      4.5MB

    • MD5

      3cb9f5e6fa7f2b9949f375f7f7ab2586

    • SHA1

      340a7e2a5b3ac0c3077b8cf7ab476ce0139c3f47

    • SHA256

      634ab9882b5427a245bd139e5b7a2b5d10b24c4b50506257b5404c01882ccc02

    • SHA512

      90132034b2076afab6253a17e3792f797fd888d5f1cdc47e399772bfb97de1567cbd0ea2fff253d232c97da2b4446e7ec7a96931a480675f60a338f2f24e8b12

    • SSDEEP

      49152:vcTKhBwmtIIt8U731BjvgVkJVBvZyBdcBeqOOYHKi3TuuByiPT5mj4yl264bJlck:vGTUI1U731BjnP4cBeHO9pu+GED/0+

    Score
    3/10
    • Target

      lib/DroidCamFilter32.ax

    • Size

      84KB

    • MD5

      efe71ae8a02ca59a0855cd649f5e58b8

    • SHA1

      0a5ba3257ad82f71890c0fa55a5f7405d0b6b4ac

    • SHA256

      ffb22ab7b98ecc98c22cf675bfab61c875127137277e1f66bc3d7269c3b42652

    • SHA512

      bad93c560355019f739158d2a25e7643a08cdcb000b378099aa2431ba4d023aa72741e674912d738b0ac6d21e44417f5406eee67f16035f6a783a5226b0d65a4

    • SSDEEP

      1536:Jld1X/W0/2LAd2btU5b7ToSWVd1MjYx0EY6uJotlzoOaB2mu0gFfhdtmPv2kXlOZ:J/1Xue2LY2e5b7ToSWV7MjYFuJotlSug

    Score
    3/10
    • Target

      lib/insdrv.exe

    • Size

      12KB

    • MD5

      b32d29447b5a7a4b8e62f7df5efec272

    • SHA1

      4cf32f4a969f62e8c580be3641748b4832397811

    • SHA256

      1cd0c2ba5eeaf5519055924f049a4c7feae999126a7c81a16961e486902a1bad

    • SHA512

      f26e3e9e9bb3700422843a54a3ef45dcda7073f1af2c36c105f88a6ccead4b4931007341e58f468b4481b676e713c708e3f7aa27360a86599ad7dc01e26b91e6

    • SSDEEP

      192:HI4SGHjM9zdjKgOMNhbwi5BlLot6OnTVYy78b55Tl/QJEu7aPHAVIb/K:oVUM9RegOMrbwVtzTNuTKb7aPTu

    Score
    3/10
    • Target

      plist.dll

    • Size

      53KB

    • MD5

      ab595bc9a0f6f0d00b1f50a7e81ac5fb

    • SHA1

      5798394a3863c2eb67d541eac914562d831e769c

    • SHA256

      0a1e27ced2f8ce0314353c82f30ee8140fde2e2725c4276390922930aafca773

    • SHA512

      ac6607e0da96e11b54f1d4b2a2c918deb1acad021823df2cc9c27b3d9c9556c29db5fe6aec3e9767999e3c0250544196bed47ff047176adf3fece63baccd2480

    • SSDEEP

      768:VOjVJ0t2d6Q1rk4G5aN0pn6ZWj+Hgq7yeHT9kyLfPPAVXSC6IHpyU:KeMkRQUj+Hgq7DkyLfHAVXSBII

    Score
    3/10
    • Target

      usbmuxd.dll

    • Size

      31KB

    • MD5

      b2da89f5aaf0f2b85a4c41f5a7019125

    • SHA1

      38bb05d675e12a68bc80ecc819e0e363b673bb05

    • SHA256

      333bda59aea7770d4a1f7ab7a320d1b5e904b67f7c710988b5893177924a0d5f

    • SHA512

      5c71afe1a8d768c51781dc0b633369e4a47c4068fd7eaea81088a538e57d8421ec021b357ac902dde91f468da5c4cbae7dbcd636434eda215a8a6b948472e641

    • SSDEEP

      768:be22XU9oFPG+aFTqsxrPHC1dHmkrQWrJg:S22XYhY15mAtg

    Score
    3/10
    • Target

      vc_redist.x86.exe

    • Size

      13.1MB

    • MD5

      1a15e6606bac9647e7ad3caa543377cf

    • SHA1

      bfb74e498c44d3a103ca3aa2831763fb417134d1

    • SHA256

      fdd1e1f0dcae2d0aa0720895eff33b927d13076e64464bb7c7e5843b7667cd14

    • SHA512

      e8cb67fc8e0312da3cc98364b96dfa1a63150ab9de60069c4af60c1cf77d440b7dffe630b4784ba07ea9bf146bdbf6ad5282a900ffd6ab7d86433456a752b2fd

    • SSDEEP

      393216:S1RPq5dCsKSR65cX7Eyd/qnejOFxP7OEnl4L/Vvc:yP5iw56oyleej2OEnlwc

    Score
    7/10
    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
