DropPhone

Description

(Kaspersky) DropPhone launches sdclt.exe, then collects environment information from the victim machine and sends it to Dropbox. The last thing this implant does is delete data.dat without ever accessing its contents. We speculate that they are consumed by sdclt.exe, and that this is another way to lock together the execution of two components, frustrating the efforts of the reverse-engineers who are missing pieces of the puzzle – as is our case here.

Names

Name
DropPhone

Category

Malware

Type

  • Reconnaissance
  • Info stealer

Information

Other Information

Uuid

bf1718cb-52e1-4429-abc9-1c49a73c8f57

Last Card Change

2021-05-15