General
-
Target
capcut_capcutpc_0_1.2.6_installer.zip
-
Size
57.9MB
-
Sample
241002-f3dq3ashje
-
MD5
84bc8e258c6bad54868c1579a4f9c117
-
SHA1
9e98ad342040e97f172213eb22eccc9d9278c04e
-
SHA256
640a873a9bdc77ddd340a9196fece62dcbfd3e6bdeec787f60d882a59a4ca264
-
SHA512
9728fe15158cebf05d43b6be85049003a5681e7d0583590a1dfbc69f015d34533a9dcc511ae3dd5fc350d65bc3557817ae7a54683cb29551b4ee11e8656eccb2
-
SSDEEP
1572864:PxyajzAG+YWIc0STUKMlaWYMv95Le09stIrTo6eW:PxXjzAG33SrMlaRMv9xwt+9J
Malware Config
Targets
-
-
Target
capcut_capcutpc_0_1.2.6_installer.exe
-
Size
57.9MB
-
MD5
66efd16409a8d0fb01e18c4bc45620d6
-
SHA1
ecce01f15f04a5af6cd692041681fbe76acceff3
-
SHA256
30aa9e4a28393348f245be4d8becf75846e32da0591d6ba4440f4772f9c2c2cf
-
SHA512
45d3f38b4b000d948af898f97d0e8a56441a4ecb2244eacc0ac79616d653c902e5fffe4ba7ec0ffb425af4328e3d068865f2747eaea7b4bae19ead116aa134cb
-
SSDEEP
1572864:sXDgU7aTp2fTWYIQklIK+Z280QLzzTmkxyZYfDmI0t:sXDL7aTp2nJMH+Z2tQLzHYZSRy
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Downloads MZ/PE file
-
Patched UPX-packed file
Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
-
-
Target
$PLUGINSDIR/SpiderBanner.dll
-
Size
9KB
-
MD5
17309e33b596ba3a5693b4d3e85cf8d7
-
SHA1
7d361836cf53df42021c7f2b148aec9458818c01
-
SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
-
SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
-
SSDEEP
192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score3/10 -
-
-
Target
$PLUGINSDIR/StdUtils.dll
-
Size
100KB
-
MD5
c6a6e03f77c313b267498515488c5740
-
SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15
-
SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
-
SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
SSDEEP
3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
0d7ad4f45dc6f5aa87f606d0331c6901
-
SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457
-
SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
-
SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
SSDEEP
192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score3/10 -
-
-
Target
$PLUGINSDIR/WinShell.dll
-
Size
3KB
-
MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56
-
SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c
-
SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
-
SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score3/10 -
-
-
Target
CapCut.exe
-
Size
133.1MB
-
MD5
386d607b4ca8d760db1d6e72eaef4bd1
-
SHA1
58a800bca6ab2b324388fd330b17300ef9a1fef5
-
SHA256
a73fc2f0d7f187d75f1f04080f6ebc9791fe9b0911bb602da88b892e98f48b34
-
SHA512
c7ccfc5cb8d73ca1b54bc39226aff665d1612bde5bd1a827485bf80927a530565a77a193a34c916e0135c6f0b41fc3113029f28671153ad2e43d34f5100e3466
-
SSDEEP
1572864:C2HVo9Ck+yOBBdJAVwlymAETslfp409t:49Ctx3tu
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Downloads MZ/PE file
-
Patched UPX-packed file
Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
LICENSES.chromium.html
-
Size
5.2MB
-
MD5
4247afa6679602da138e41886bcf27da
-
SHA1
3bb8c83dc9d5592119675e67595b294211ddbf6e
-
SHA256
bf59a74b4404aa0c893ca8bbe636498629b6a3acdff4acb84de692462fd626e4
-
SHA512
ad3103f7fd32f0ec652bc7fcb8c303796367292a366037acad8e1312775cdd92c2f36ed8c34a809251ad044508e1e7579b79847de61025baf8bda5ad578a0330
-
SSDEEP
12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZG:sPMM5FaWStHvmUKItmfDTeHiVQZp4
Score3/10 -
-
-
Target
d3dcompiler_47.dll
-
Size
4.3MB
-
MD5
7641e39b7da4077084d2afe7c31032e0
-
SHA1
2256644f69435ff2fee76deb04d918083960d1eb
-
SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
-
SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5
-
SSDEEP
49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt
Score1/10 -
-
-
Target
ffmpeg.dll
-
Size
2.6MB
-
MD5
7977f3720aa86e0ec2ad2de44ad42004
-
SHA1
04a4ef5ccd72aa5d050cc606a7597a3b388c6400
-
SHA256
61c6bd5fee2c150265241a15379c4053b174b1cd7687749629afcdbd1264a02e
-
SHA512
8ef3b8f506b5ad7241b96d381a501033266358fb3756a457c46ed499547db1232012f849838e65f916129fab1a0d74711e9851b8e0669831acbbf4c3494e492d
-
SSDEEP
49152:baOoZks54czfQNk9GSQABmZuZgAp1iJxgG1broIhj4OxSZpSq:it59uEBm8geZz
Score1/10 -
-
-
Target
libEGL.dll
-
Size
431KB
-
MD5
7b77074945dfe5cf0b1c5a3748058d57
-
SHA1
fdea507ac2be491b8ad24ddc1030ea9980c94c0d
-
SHA256
994972c1bc515c199552d50e97ad217ae15a3eed16db06181c7df50e743e8a56
-
SHA512
d637b2c7d75723601af099317a39820d3edbd3cea1e1cb20b702deb6ca7fdb0b67e1351cc8fee1c7badff957fffb848a8dce18bb25bfd60c81a588da4f68c1fd
-
SSDEEP
6144:QpKolEK3EyQVAZvhnzGtMY+3lnLdYcUpwOXW4IUo+lTsRLVDc2/:QBl1EyyAZvJWM936wOJTWVDc
Score1/10 -
-
-
Target
libGLESv2.dll
-
Size
7.6MB
-
MD5
8c93e19281992a00993fc0f09e272917
-
SHA1
3a2d12bc85f829775ec8c5c1f8e35a783d37b7a7
-
SHA256
1ebc1da8d7e463a5d3dc127a632989ef35cfbd94cb18bf1f8ee790f172d43703
-
SHA512
c4ec65378d83e6645c9128825853de2d3e82c0f430cd28fdc761eaf2d011267c3794b7c1dcef017750323873d7fe976656eebf9ed7c03582741d43738f3e0c7c
-
SSDEEP
49152:BIgJiNu/CVyS4I+K/UGG7ftgIj4RBrGW+T54vwjKxH33yjsMfRJvLnLBXonnMl9W:mNyUxGDahRNR6gyxQi4Mn0YJ4/qamG
Score1/10 -
-
-
Target
resources/app.asar
-
Size
2.9MB
-
MD5
6c28f36a1cfd1132f866697821b8d266
-
SHA1
725e06459549883332d3504b232c33f7eb0e887b
-
SHA256
8ba06d25419b7fbcecf5fce6a8451ee02f818a0b6315c67183a336c24fa02ad3
-
SHA512
e0246d25bc9f93303b7aa9edf5b05f96e72b7c1f748f04ef914f28d370f3a179c4302ec7527bd75402e5ec5b03129088391bde7917e9d7aa777893fb9315efcd
-
SSDEEP
49152:Ey/NaNXRmEW0jmocI87sRrjT0fwAQTz0UzaBaZ47zdyuZ4TzNjbTUzrXZKTzQAf:EpYwA5m
Score3/10 -
-
-
Target
resources/elevate.exe
-
Size
105KB
-
MD5
792b92c8ad13c46f27c7ced0810694df
-
SHA1
d8d449b92de20a57df722df46435ba4553ecc802
-
SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
-
SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
-
SSDEEP
3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score3/10 -
-
-
Target
swiftshader/libEGL.dll
-
Size
445KB
-
MD5
be1b6fe26a1b5a3e1302c26ce5ce53f3
-
SHA1
c3cac08e89c4cc91eae1cc87e33a1dea723f1d78
-
SHA256
162abe61314e720384d8cdd43190a89df8a96de52f3ede7b6c58998f615d8546
-
SHA512
07dca111391dfb6b7e90d4be02071bc625128eeca0b9d9a3cebdc7916baec9f95cbbf906f2533befd6b62b9bbc69488ffa720f8d40c9710dd3b7d540d9dcaa55
-
SSDEEP
6144:NldwaUBIAHXboKn7YsGfJjjvQppfSH6RdW8wrpGLVgf8q:JWIsXboKnMAfSHChgUq
Score1/10 -
-
-
Target
swiftshader/libGLESv2.dll
-
Size
3.0MB
-
MD5
1e401ccda5b723ab8a595a54f7d2531c
-
SHA1
127716680dd16f776b19c2306d716935e54c5100
-
SHA256
c167a458174e2a280c39d7af31bd109e8e2921032a687097b584653adc33ab21
-
SHA512
1f2f35021f338aa7c5a0ae83c196217fbca6b1d017ac1bb4f1eebb93bd6e18c5d74c1a14bd4899d7a91d054b0139b2c4fc3271c35148ad1d8b71139aff0132fc
-
SSDEEP
49152:8NF/tcKnjh4NDNR32u7X5f2yRwT6mcavJ9BtCCp5kVtjjFCo5Z5UbNyJzSZ85C5c:8NIaqrNONEniz7P
Score1/10 -
-
-
Target
vk_swiftshader.dll
-
Size
4.3MB
-
MD5
77f7b4f46cb3e06b53729fd1e562dfef
-
SHA1
223c09805220ff2b5c1dcbdd5c0396231ea34f11
-
SHA256
a648cd4671b12b469c4d2de20c2ba2429c9388c0f9d4b3d9d2244853d0e5acb5
-
SHA512
6be9afda9320074c5842419cf8493d715ca65a3362d368d3a35e35a47d36f8197b0f19877485b41a06e21148613a77bb6275b0586c4a38da8a25efe6b5a6b571
-
SSDEEP
49152:ImuXbIxohwCWtm32rw3lYIDkhUw2B2w/XBnbtZNDNHI6iBewVqlnrSrMrXHYtvQi:Ca9dCeKOB
Score1/10 -
-
-
Target
vulkan-1.dll
-
Size
715KB
-
MD5
25afbdf6701013c57b19b92225920915
-
SHA1
009300dd4ab3b81794388ce7d126ae90ff97535f
-
SHA256
22bb65dd206ce7ee10c05557933a04a04144e1a8228d2a9d1e9d704b0b1b2f7c
-
SHA512
575e38b60948cb704c355ba9cf3457f2693c30f95e85f10f795e759652bf4317e18ba480bee8aafcea9108415e8e58f674b22c7513a9fabee765142486919a0e
-
SSDEEP
12288:oYa8yQ628GMAhXhpt1o9Sc4irKabLqYz/oD4C56:ZgQ6jHAhx71o9WirKaqYDa
Score1/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1