General

  • Target

    capcut_capcutpc_invitefission_1.2.4_installer(1).exe

  • Size

    2.2MB

  • Sample

    240914-bl6nasyhlq

  • MD5

    cafd508f953e2d28acf9b49e80bf2fc6

  • SHA1

    0c739749978ef0b6077261e511ab10e9211f2c71

  • SHA256

    aa8ff4d4c4505f9245ae995be2fee8f6a78b1167126e613490e1c22549bdf142

  • SHA512

    3ff026e849378691da40d406ce806c438c8a4f015217731bd132bfccdb58c4832306a3f92aa752af6d3ca71e2425f161155d767e56d23c15f0634424080caab3

  • SSDEEP

    49152:7VhVn6EBMgmH1Cz0DqfMus8/V3sYPyD9+gqulxheyY6:7XVn6OMgmH1CS7ec7fxY6

Score
5/10

Targets

    • Target

      capcut_capcutpc_invitefission_1.2.4_installer(1).exe

    • Size

      2.2MB

    • MD5

      cafd508f953e2d28acf9b49e80bf2fc6

    • SHA1

      0c739749978ef0b6077261e511ab10e9211f2c71

    • SHA256

      aa8ff4d4c4505f9245ae995be2fee8f6a78b1167126e613490e1c22549bdf142

    • SHA512

      3ff026e849378691da40d406ce806c438c8a4f015217731bd132bfccdb58c4832306a3f92aa752af6d3ca71e2425f161155d767e56d23c15f0634424080caab3

    • SSDEEP

      49152:7VhVn6EBMgmH1Cz0DqfMus8/V3sYPyD9+gqulxheyY6:7XVn6OMgmH1CS7ec7fxY6

    Score
    5/10
    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target

      $PLUGINSDIR/BgWorker.dll

    • Size

      2KB

    • MD5

      33ec04738007e665059cf40bc0f0c22b

    • SHA1

      4196759a922e333d9b17bda5369f14c33cd5e3bc

    • SHA256

      50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

    • SHA512

      2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    • Target

      $PLUGINSDIR/deviceregister_shared.dll

    • Size

      226KB

    • MD5

      8baaaeacb97679fb495e1c4f902f0a68

    • SHA1

      29185b00e4c56ff8cc22de64c1407809d60348f1

    • SHA256

      7c2a74c4be8d524a121e78e763c05c7b5cb58b524119ac8897c493e717a1d42a

    • SHA512

      49f864332165c0229f0588fa1fd56fdc04bb005be1b61a9367fac5f45c32783e2e633c8acb64c3a921d41d9b79ceb3315813aa409a8f725cc7193958bf4bb8e0

    • SSDEEP

      6144:5Nj2oPjbpV4hliZ7xsFARHtw+WY0L1TBWoBvF:6KV4hliZ7KFAb+L1TIo

    Score
    3/10
    • Target

      $PLUGINSDIR/downloader_nsis_plugin.dll

    • Size

      1.2MB

    • MD5

      14930a06cbfb26d5ffffd354fa12d5f8

    • SHA1

      1de289bab03eaad965e419d657c3531a3738c558

    • SHA256

      3ef7a13886328dafba1c49ec096da122e63839ac6965bf4f3d4dcce3a35ccc6d

    • SHA512

      385268602f050c060795312c9cb86e979030a21b8cecc20303b346bbc0800a468a84a291224592d9b0e43458e579660b8062f6b9cba3b2e79aab5015d1dcc67b

    • SSDEEP

      24576:eDe+j+n40zyob+w+LsoZttOWR7vDzAOdYKT9s6rNnb3Khz:Eei+n7zy2ULsGjOWR7vDzhdYKThNnzKN

    Score
    3/10
    • Target

      $PLUGINSDIR/res.zip

    • Size

      160KB

    • MD5

      c9eb579f9346b36d228daec5d7078b97

    • SHA1

      03ccc0da5e8d2f91497821045951889e019aaaf2

    • SHA256

      cb4a1ea525ae60f66bbdc24819bd9fffda9a1040492a0d639326622190470e50

    • SHA512

      4bf05141e032809edb531e132928e09922329e89d4ea895d2f94c1845277dea7c5bb025b1ed6c56bd727f1c387698a859bf5bf329a13f60e627f7837948d29bc

    • SSDEEP

      3072:WlbNMh58abnJ6taLk0gLP5mAueGiXNMEQyKwt:bz/d6t+aLP5mA5G+N/Jtt

    Score
    1/10
    • Target

      lang/ms-MY.json

    • Size

      2KB

    • MD5

      5a59e999246dd4d5e874e776c68b94d4

    • SHA1

      5b45d640a961f60940b2d6e7caca06f97a525772

    • SHA256

      2d9714079757c7f699ba2672f82bbc74589087b8d0e8b913ecec6b8e3bb5a9f1

    • SHA512

      519326129f232d2515dffef1bd1f571457f18118194249980d83e848183cc29e5aa5e9486a935ef8537151b7fcd1e9e169c0b8c36a94ae2b1fb504da9b51efd7

    Score
    3/10
    • Target

      lang/nl-NL.json

    • Size

      2KB

    • MD5

      97a04f852837c572b7bbc533f146174d

    • SHA1

      c946080a82ac672bafd3e2623b73f86a6cc1ff35

    • SHA256

      42c7c40ab390dc3d2bf6e1579fb864d0c0218b4f4eff8201ec5b90e600d8bf3a

    • SHA512

      2dbbc3e4485c6e17bfbcd0a7842c544006df88df72a820420b4074c416b0a975a742d4483daeecba7a950e6524ff4739ee2c4c4443bdaa7a7a2112d62176e3cf

    Score
    3/10
    • Target

      lang/pl-PL.json

    • Size

      2KB

    • MD5

      d367999096eb045c6279b77b81d70922

    • SHA1

      4ac8a483ee064a37566696e9410b14bb90ef9825

    • SHA256

      0f12080c61b44c1d9318d8c0309300febc0f95510cba1f28a118524201b0e512

    • SHA512

      3c1f85bd14ff4a4b840f3db06a2030fd71f0b1be0fc1d4122e237da6f60294a2313079e68d71342198bfc9a095cadcc3938cb513cbe9db6f1825d22a2a0afff6

    Score
    3/10
    • Target

      lang/pt-BR.json

    • Size

      2KB

    • MD5

      7edde5b5a61a0e57dd7318b1972dd517

    • SHA1

      85667522638df4226191593f264c48e11161c559

    • SHA256

      0b4b3afe8e4d37b52c771229eacff1034e67db1da7a84df7741092b07eebfd87

    • SHA512

      c06f8df619f1bb4967eae92c04b32665059fb3c341217e68bdb7019756e901c7c22585cb59c9841d0bbdaef2cb58b5bec7d6b93ff48004f1ce67db2429b087ae

    Score
    3/10
    • Target

      lang/ro-RO.json

    • Size

      2KB

    • MD5

      6019c83bac9b0c4ba1ab271add32ad15

    • SHA1

      c8ce008801200eb274e4cab6087462b027e8d048

    • SHA256

      5abdd6e1c2efec440a592c0551ef1484f22b7cea9a93204d36ba3113106a5b27

    • SHA512

      b738f3542cd603df847aa43c1de3d21ef4f11fb80a1de4ae851a937f3fc798eb43ffd6f7e8ef5158261f16e94843f11c3555145888b26abf1fc13f6989a9337e

    Score
    3/10
    • Target

      lang/ru-RU.json

    • Size

      2KB

    • MD5

      5b7453548b801b1d51a6ab442b5396fc

    • SHA1

      1d148830b833ea5f2a2ec1be6261624bc0e96511

    • SHA256

      9fde3fc84dd1674e99a7c6243efc7e4df283b99c210eb30277fa75d0a8a365af

    • SHA512

      2808e459f7c76a141a64c61e8efc79c44f49e3bbd7db4e902d4043866c8c20901914ab9ec7dc363e458e12fd6cebcbc8a7adbf376d31298f65a34835b0b2a000

    Score
    3/10
    • Target

      lang/sv-SE.json

    • Size

      2KB

    • MD5

      cad1a26d7bae3f9a70058011b6927b98

    • SHA1

      4a3b1271596775539dd1d1ba406320e9c5fb7a9e

    • SHA256

      32b68ce57f1ebd0d46b94f1ee6c09d8f31b9dd454b9e2cfa6e74f471de788e0f

    • SHA512

      772bcfafa8397c3b0ab3796b04e8b1f054297033537b0726755f74192c135edb60111b2949b27b35fd6f25364711b4710617442088e6ca072bac940fc08baad1

    Score
    3/10
    • Target

      lang/th-TH.json

    • Size

      2KB

    • MD5

      524499198a7334effd23998eb6e00a27

    • SHA1

      8054e070f55d35c1c6ea63e95d961b51c418e546

    • SHA256

      04f13fbff5811f283c4165a4dc7b69759713de921029d8fc079a2c4a5131ed4e

    • SHA512

      8c69bb51d108d6174c984447add68293b72341444a545c5038b29a27cab8dbb33fe982b4c6f70aa1f2bd57b0495a8b24088f4e077aa9376979acd9b42981a83b

    Score
    3/10
    • Target

      lang/tr-TR.json

    • Size

      2KB

    • MD5

      1d593aaf7210076e4f67555345067470

    • SHA1

      b57c4487f5c5071eaefa3fd05930214aa60b5fff

    • SHA256

      438ee8b1ee5b88c43ee96e5b96a04e7520ba7dfee038178472b8c372edef4a4f

    • SHA512

      ed1b5129f40f4f492acd5a6002f5d8aa1d0915134460a3e45600f9f9ccf82c17f8b289e32ad245d381fd56ee0e4a8ce271bd605221e3f2f9b0fba8afe55a0198

    Score
    3/10
    • Target

      lang/vi-VN.json

    • Size

      2KB

    • MD5

      b0ffab3931f5da77d4b5f4ac5b1b3da7

    • SHA1

      d26762fd2b2f0ed3b99c3c9260c1d66b8dafba23

    • SHA256

      a372c1866ec0ea47184fb001e6f5f2b1bea5cbfc95b1d43302c6bc655f5a3e51

    • SHA512

      46a152a7efaa7d19217f884cdb0d2d5663394f805db96d7f85c140de7857943ce39d8a7a145598421b9de1e130747a2967ee080afac05f01458998b13a0f263e

    Score
    3/10
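
The only behavioural signature the sandbox raised on the installer itself is "Suspicious use of NtCreateThreadExHideFromDebugger". A thread created through NtCreateThreadEx with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER bit (0x4) in its Flags argument is never reported to an attached debugger; the same effect is reached by calling NtSetInformationThread with the ThreadHideFromDebugger class (0x11). Both are classic anti-analysis tricks, which is why a sandbox flags them as suspicious even in a file it otherwise scores low. The Python below is an added example, not code from the report, from tria.ge or from CapCut: it encodes that signature as a detection rule over an API-call trace, covering the NtSetInformationThread variant as well as the NtCreateThreadEx one. The trace line format (`pid api(arg=value, ...)` with hex values) and the sample lines are constructed for this example and do not represent any sandbox's real log format; the constant values are the ones used in the undocumented NT headers (as published in phnt and similar).

```python
"""Detect the NtCreateThreadEx / ThreadHideFromDebugger anti-debug pattern in an API trace.

Added example; not part of the sandbox report, tria.ge or the CapCut installer.
Trace format (one call per line: `pid api(arg=value, ...)`, hex or decimal values)
is an assumption made for this example, not any sandbox's real log format.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Undocumented NT constants (values as published in phnt and similar headers).
THREAD_CREATE_FLAGS_CREATE_SUSPENDED = 0x00000001
THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH = 0x00000002
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x00000004
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger

_CALL_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*$")
_ARG_RE = re.compile(r'(\w+)=(0x[0-9a-fA-F]+|\d+|"[^"]*")')


@dataclass(frozen=True)
class Hit:
    pid: int
    api: str
    reason: str


def parse_args(arg_text: str) -> Dict[str, object]:
    """Turn `a=0x1, b="str"` into a dict; numeric values become ints."""
    out: Dict[str, object] = {}
    for key, value in _ARG_RE.findall(arg_text):
        out[key] = value.strip('"') if value.startswith('"') else int(value, 0)
    return out


def check_line(line: str) -> Optional[Hit]:
    """Return a Hit if this trace line hides a thread from the debugger."""
    m = _CALL_RE.match(line.strip())
    if not m:
        return None  # not a call line in the assumed format
    pid, api, args = int(m["pid"]), m["api"], parse_args(m["args"])
    if api == "NtCreateThreadEx":
        flags = args.get("Flags", 0)
        if isinstance(flags, int) and flags & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
            return Hit(pid, api, f"THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER set in Flags=0x{flags:x}")
    elif api == "NtSetInformationThread":
        if args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
            return Hit(pid, api, "ThreadInformationClass=ThreadHideFromDebugger (0x11)")
    return None


def scan(trace: str) -> List[Hit]:
    """Run the rule over every line of a trace and collect the hits."""
    return [h for h in (check_line(ln) for ln in trace.splitlines()) if h]


# Constructed sample trace: line 2 creates a thread suspended AND hidden (0x1 | 0x4),
# line 3 hides an existing thread; lines 1 and 4 are benign and must not match.
SAMPLE_TRACE = """\
1234 NtCreateThreadEx(ThreadHandle=0x1f4, DesiredAccess=0x1fffff, ProcessHandle=0xffffffffffffffff, StartRoutine=0x401000, Flags=0x0)
1234 NtCreateThreadEx(ThreadHandle=0x1f8, DesiredAccess=0x1fffff, ProcessHandle=0xffffffffffffffff, StartRoutine=0x402000, Flags=0x5)
1234 NtSetInformationThread(ThreadHandle=0x1f4, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0)
1234 NtSetInformationThread(ThreadHandle=0x1f4, ThreadInformationClass=0x2, ThreadInformation=0x12ff40, ThreadInformationLength=0x4)
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_TRACE):
        print(f"pid {hit.pid}: {hit.api}: {hit.reason}")
```

Running the block prints two hits: the NtCreateThreadEx call with Flags=0x5 and the NtSetInformationThread call with class 0x11. The rule tests the flag as a bit rather than comparing Flags to 0x4 exactly, because the hide bit is routinely combined with CREATE_SUSPENDED, as in the constructed second line.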

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic           Technique                      ID          Count
Defense Evasion  Subvert Trust Controls         T1553       1
Defense Evasion  Install Root Certificate       T1553.004   1
Defense Evasion  Modify Registry                T1112       1
Discovery        Query Registry                 T1012       2
Discovery        System Information Discovery   T1082       12
Discovery        System Location Discovery      T1614       15
Discovery        System Language Discovery      T1614.001   15

Tasks

Task           Tags        Score
static1                    3/10
behavioral1    discovery   5/10
behavioral2    discovery   4/10
behavioral3    discovery   3/10
behavioral4    discovery   3/10
behavioral5    discovery   3/10
behavioral6    discovery   3/10
behavioral7    discovery   3/10
behavioral8    discovery   3/10
behavioral9    discovery   3/10
behavioral10   discovery   3/10
behavioral11               1/10
behavioral12               1/10
behavioral13   discovery   3/10
behavioral14               3/10
behavioral15   discovery   3/10
behavioral16               3/10
behavioral17   discovery   3/10
behavioral18               3/10
behavioral19   discovery   3/10
behavioral20               3/10
behavioral21   discovery   3/10
behavioral22               3/10
behavioral23   discovery   3/10
behavioral24               3/10
behavioral25   discovery   3/10
behavioral26               3/10
behavioral27   discovery   3/10
behavioral28               3/10
behavioral29   discovery   3/10
behavioral30               3/10
behavioral31   discovery   3/10
behavioral32               3/10