Extracted

• • Target

    0432 SAES Siparis istemi.exe

  • Size

    90KB

  • MD5

    50069400fd003e599cef9f03526107a5

  • SHA1

    1b695214561736a83d4511c593f329e012f38689

  • SHA256

    3faa0c531a47d551291ff2346d42403050666bb90d656ccca3d5b501e734a30f

  • SHA512

    bac256e3b21702f642b118a38dc94d53ccf3c5a1cb012b1aeaf2f50ad4564c30b495da2810cea58b2c74da885157e83ae0961f01cc4b99eb72de7207d33973f0

  • SSDEEP

    384:wVQ5LZw7BZTDzXAV8F5av8+Oe4BbT0O0g0T0J01lJ9w8uy20DhB3LyDQT/7rfWFZ:EciLvFgv8G7gxrtYcFmVc6K

  Score

  10^/10

  discoverydarkcloudpersistencestealer

  • DarkCloud

    An information stealer written in Visual Basic.

    stealerdarkcloud

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2