General
Target: Ziraat Bankasi Swift Mesaji.pdf.exe
Size: 1.1MB
Sample: 230109-rpks1aee33
MD5: 884bd7c5f3fa58edd85ba3d268decbae
SHA1: 11c68a384fcd12b77ca221e0eec1dd2683056dba
SHA256: 9bb43e190685f86937e09673de3243cbe1971ecf0eab9b75e09d0de96e9764cb
SHA512: c55da0831713ce4a970efa6addf9fb0b5e32a851ac8e1745af8e5705395f3f3d14c36d64ed4ed67932b62aeea555b064f7b891cd656cfe879906b5a953d65fb2
SSDEEP: 24576:IqqhCsJLFscvNVlu+99k4mrIl5tBfBFLgGZokXJVCQ6nP/A/mYx:NuLSclB35x5gG3azP4
Static task: static1
Behavioral task: behavioral1
Sample: Ziraat Bankasi Swift Mesaji.pdf.exe
Resource: win7-20221111-en
Malware Config
Extracted
darkcloud
- email_from
- email_to
Targets
Target
Ziraat Bankasi Swift Mesaji.pdf.exe
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext