DropPhone

Description

(Kaspersky) DropPhone launches sdclt.exe, then collects environment information from the victim machine and sends it to Dropbox. The last thing this implant does is delete data.dat without ever accessing its contents. We speculate that they are consumed by sdclt.exe, and that this is another way to lock together the execution of two components, frustrating the efforts of the reverse-engineers who are missing pieces of the puzzle – as is our case here.

Names

Name
DropPhone

Type

Reconnaissance
Info stealer

Information

https://securelist.com/the-leap-of-a-cycldek-related-threat-actor/101243/

Other Information

Uuid

bf1718cb-52e1-4429-abc9-1c49a73c8f57

Last Card Change

2021-05-15

Threat Intelligence Garden

Explorer

DropPhone

DropPhone

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks