Overview

overview

8

Static

static

3

capcut_cap...er.exe

windows7-x64

8

capcut_cap...er.exe

windows10-2004-x64

8

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

CapCut.exe

windows7-x64

8

CapCut.exe

windows10-2004-x64

8

LICENSES.c...m.html

windows7-x64

3

LICENSES.c...m.html

windows10-2004-x64

3

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

resources/app.js

windows7-x64

3

resources/app.js

windows10-2004-x64

3

resources/elevate.exe

windows7-x64

3

resources/elevate.exe

windows10-2004-x64

3

swiftshade...GL.dll

windows7-x64

1

swiftshade...GL.dll

windows10-2004-x64

1

swiftshade...v2.dll

windows7-x64

1

swiftshade...v2.dll

windows10-2004-x64

1

vk_swiftshader.dll

windows7-x64

1

vk_swiftshader.dll

windows10-2004-x64

1

vulkan-1.dll

windows7-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    capcut_capcutpc_0_1.2.6_installer.zip

  • Size

    57.9MB

  • Sample

    241002-f3dq3ashje

  • MD5

    84bc8e258c6bad54868c1579a4f9c117

  • SHA1

    9e98ad342040e97f172213eb22eccc9d9278c04e

  • SHA256

    640a873a9bdc77ddd340a9196fece62dcbfd3e6bdeec787f60d882a59a4ca264

  • SHA512

    9728fe15158cebf05d43b6be85049003a5681e7d0583590a1dfbc69f015d34533a9dcc511ae3dd5fc350d65bc3557817ae7a54683cb29551b4ee11e8656eccb2

  • SSDEEP

    1572864:PxyajzAG+YWIc0STUKMlaWYMv95Le09stIrTo6eW:PxXjzAG33SrMlaRMv9xwt+9J

Score
8/10
discoveryexecution

Malware Config

Targets

    • Target

      capcut_capcutpc_0_1.2.6_installer.exe

    • Size

      57.9MB

    • MD5

      66efd16409a8d0fb01e18c4bc45620d6

    • SHA1

      ecce01f15f04a5af6cd692041681fbe76acceff3

    • SHA256

      30aa9e4a28393348f245be4d8becf75846e32da0591d6ba4440f4772f9c2c2cf

    • SHA512

      45d3f38b4b000d948af898f97d0e8a56441a4ecb2244eacc0ac79616d653c902e5fffe4ba7ec0ffb425af4328e3d068865f2747eaea7b4bae19ead116aa134cb

    • SSDEEP

      1572864:sXDgU7aTp2fTWYIQklIK+Z280QLzzTmkxyZYfDmI0t:sXDL7aTp2nJMH+Z2tQLzHYZSRy

    Score
    8/10
    discoveryexecution

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Downloads MZ/PE file

    • Patched UPX-packed file

      Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/SpiderBanner.dll

    • Size

      9KB

    • MD5

      17309e33b596ba3a5693b4d3e85cf8d7

    • SHA1

      7d361836cf53df42021c7f2b148aec9458818c01

    • SHA256

      996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

    • SHA512

      1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

    • SSDEEP

      192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      CapCut.exe

    • Size

      133.1MB

    • MD5

      386d607b4ca8d760db1d6e72eaef4bd1

    • SHA1

      58a800bca6ab2b324388fd330b17300ef9a1fef5

    • SHA256

      a73fc2f0d7f187d75f1f04080f6ebc9791fe9b0911bb602da88b892e98f48b34

    • SHA512

      c7ccfc5cb8d73ca1b54bc39226aff665d1612bde5bd1a827485bf80927a530565a77a193a34c916e0135c6f0b41fc3113029f28671153ad2e43d34f5100e3466

    • SSDEEP

      1572864:C2HVo9Ck+yOBBdJAVwlymAETslfp409t:49Ctx3tu

    Score
    8/10
    discoveryexecution

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Downloads MZ/PE file

    • Patched UPX-packed file

      Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral11behavioral12

    • Target

      LICENSES.chromium.html

    • Size

      5.2MB

    • MD5

      4247afa6679602da138e41886bcf27da

    • SHA1

      3bb8c83dc9d5592119675e67595b294211ddbf6e

    • SHA256

      bf59a74b4404aa0c893ca8bbe636498629b6a3acdff4acb84de692462fd626e4

    • SHA512

      ad3103f7fd32f0ec652bc7fcb8c303796367292a366037acad8e1312775cdd92c2f36ed8c34a809251ad044508e1e7579b79847de61025baf8bda5ad578a0330

    • SSDEEP

      12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZG:sPMM5FaWStHvmUKItmfDTeHiVQZp4

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      d3dcompiler_47.dll

    • Size

      4.3MB

    • MD5

      7641e39b7da4077084d2afe7c31032e0

    • SHA1

      2256644f69435ff2fee76deb04d918083960d1eb

    • SHA256

      44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

    • SHA512

      8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

    • SSDEEP

      49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt

    Score
    1/10
    behavioral15

    • Target

      ffmpeg.dll

    • Size

      2.6MB

    • MD5

      7977f3720aa86e0ec2ad2de44ad42004

    • SHA1

      04a4ef5ccd72aa5d050cc606a7597a3b388c6400

    • SHA256

      61c6bd5fee2c150265241a15379c4053b174b1cd7687749629afcdbd1264a02e

    • SHA512

      8ef3b8f506b5ad7241b96d381a501033266358fb3756a457c46ed499547db1232012f849838e65f916129fab1a0d74711e9851b8e0669831acbbf4c3494e492d

    • SSDEEP

      49152:baOoZks54czfQNk9GSQABmZuZgAp1iJxgG1broIhj4OxSZpSq:it59uEBm8geZz

    Score
    1/10
    behavioral16behavioral17

    • Target

      libEGL.dll

    • Size

      431KB

    • MD5

      7b77074945dfe5cf0b1c5a3748058d57

    • SHA1

      fdea507ac2be491b8ad24ddc1030ea9980c94c0d

    • SHA256

      994972c1bc515c199552d50e97ad217ae15a3eed16db06181c7df50e743e8a56

    • SHA512

      d637b2c7d75723601af099317a39820d3edbd3cea1e1cb20b702deb6ca7fdb0b67e1351cc8fee1c7badff957fffb848a8dce18bb25bfd60c81a588da4f68c1fd

    • SSDEEP

      6144:QpKolEK3EyQVAZvhnzGtMY+3lnLdYcUpwOXW4IUo+lTsRLVDc2/:QBl1EyyAZvJWM936wOJTWVDc

    Score
    1/10
    behavioral18behavioral19

    • Target

      libGLESv2.dll

    • Size

      7.6MB

    • MD5

      8c93e19281992a00993fc0f09e272917

    • SHA1

      3a2d12bc85f829775ec8c5c1f8e35a783d37b7a7

    • SHA256

      1ebc1da8d7e463a5d3dc127a632989ef35cfbd94cb18bf1f8ee790f172d43703

    • SHA512

      c4ec65378d83e6645c9128825853de2d3e82c0f430cd28fdc761eaf2d011267c3794b7c1dcef017750323873d7fe976656eebf9ed7c03582741d43738f3e0c7c

    • SSDEEP

      49152:BIgJiNu/CVyS4I+K/UGG7ftgIj4RBrGW+T54vwjKxH33yjsMfRJvLnLBXonnMl9W:mNyUxGDahRNR6gyxQi4Mn0YJ4/qamG

    Score
    1/10
    behavioral20behavioral21

    • Target

      resources/app.asar

    • Size

      2.9MB

    • MD5

      6c28f36a1cfd1132f866697821b8d266

    • SHA1

      725e06459549883332d3504b232c33f7eb0e887b

    • SHA256

      8ba06d25419b7fbcecf5fce6a8451ee02f818a0b6315c67183a336c24fa02ad3

    • SHA512

      e0246d25bc9f93303b7aa9edf5b05f96e72b7c1f748f04ef914f28d370f3a179c4302ec7527bd75402e5ec5b03129088391bde7917e9d7aa777893fb9315efcd

    • SSDEEP

      49152:Ey/NaNXRmEW0jmocI87sRrjT0fwAQTz0UzaBaZ47zdyuZ4TzNjbTUzrXZKTzQAf:EpYwA5m

    Score
    3/10
    execution
    behavioral22behavioral23

    • Target

      resources/elevate.exe

    • Size

      105KB

    • MD5

      792b92c8ad13c46f27c7ced0810694df

    • SHA1

      d8d449b92de20a57df722df46435ba4553ecc802

    • SHA256

      9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

    • SHA512

      6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

    • SSDEEP

      3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l

    Score
    3/10
    discovery
    behavioral24behavioral25

    • Target

      swiftshader/libEGL.dll

    • Size

      445KB

    • MD5

      be1b6fe26a1b5a3e1302c26ce5ce53f3

    • SHA1

      c3cac08e89c4cc91eae1cc87e33a1dea723f1d78

    • SHA256

      162abe61314e720384d8cdd43190a89df8a96de52f3ede7b6c58998f615d8546

    • SHA512

      07dca111391dfb6b7e90d4be02071bc625128eeca0b9d9a3cebdc7916baec9f95cbbf906f2533befd6b62b9bbc69488ffa720f8d40c9710dd3b7d540d9dcaa55

    • SSDEEP

      6144:NldwaUBIAHXboKn7YsGfJjjvQppfSH6RdW8wrpGLVgf8q:JWIsXboKnMAfSHChgUq

    Score
    1/10
    behavioral26behavioral27

    • Target

      swiftshader/libGLESv2.dll

    • Size

      3.0MB

    • MD5

      1e401ccda5b723ab8a595a54f7d2531c

    • SHA1

      127716680dd16f776b19c2306d716935e54c5100

    • SHA256

      c167a458174e2a280c39d7af31bd109e8e2921032a687097b584653adc33ab21

    • SHA512

      1f2f35021f338aa7c5a0ae83c196217fbca6b1d017ac1bb4f1eebb93bd6e18c5d74c1a14bd4899d7a91d054b0139b2c4fc3271c35148ad1d8b71139aff0132fc

    • SSDEEP

      49152:8NF/tcKnjh4NDNR32u7X5f2yRwT6mcavJ9BtCCp5kVtjjFCo5Z5UbNyJzSZ85C5c:8NIaqrNONEniz7P

    Score
    1/10
    behavioral28behavioral29

    • Target

      vk_swiftshader.dll

    • Size

      4.3MB

    • MD5

      77f7b4f46cb3e06b53729fd1e562dfef

    • SHA1

      223c09805220ff2b5c1dcbdd5c0396231ea34f11

    • SHA256

      a648cd4671b12b469c4d2de20c2ba2429c9388c0f9d4b3d9d2244853d0e5acb5

    • SHA512

      6be9afda9320074c5842419cf8493d715ca65a3362d368d3a35e35a47d36f8197b0f19877485b41a06e21148613a77bb6275b0586c4a38da8a25efe6b5a6b571

    • SSDEEP

      49152:ImuXbIxohwCWtm32rw3lYIDkhUw2B2w/XBnbtZNDNHI6iBewVqlnrSrMrXHYtvQi:Ca9dCeKOB

    Score
    1/10
    behavioral30behavioral31

    • Target

      vulkan-1.dll

    • Size

      715KB

    • MD5

      25afbdf6701013c57b19b92225920915

    • SHA1

      009300dd4ab3b81794388ce7d126ae90ff97535f

    • SHA256

      22bb65dd206ce7ee10c05557933a04a04144e1a8228d2a9d1e9d704b0b1b2f7c

    • SHA512

      575e38b60948cb704c355ba9cf3457f2693c30f95e85f10f795e759652bf4317e18ba480bee8aafcea9108415e8e58f674b22c7513a9fabee765142486919a0e

    • SSDEEP

      12288:oYa8yQ628GMAhXhpt1o9Sc4irKabLqYz/oD4C56:ZgQ6jHAhx71o9WirKaqYDa

    Score
    1/10
    behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discoveryexecution
Score
8/10

behavioral2

discoveryexecution
Score
8/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discoveryexecution
Score
8/10

behavioral12

discoveryexecution
Score
8/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

execution
Score
3/10

behavioral23

execution
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.