DropPhone
Description
(Kaspersky) DropPhone launches sdclt.exe, then collects environment information from the victim machine and sends it to Dropbox. The last thing this implant does is delete data.dat without ever accessing its contents. We speculate that they are consumed by sdclt.exe, and that this is another way to lock together the execution of two components, frustrating the efforts of the reverse-engineers who are missing pieces of the puzzle – as is our case here.
Names
| Name |
|---|
| DropPhone |
Category
Malware
Type
- Reconnaissance
- Info stealer
Information
Other Information
Uuid
bf1718cb-52e1-4429-abc9-1c49a73c8f57
Last Card Change
2021-05-15