General
-
Target
977f2ac7c4ccb4b8b4a5f961ff2aa6fe.bin.bin
-
Size
1.1MB
-
Sample
230501-v5a6aahe25
-
MD5
2244db9257bce116d0304e37d4a3decb
-
SHA1
6e89fdef36c64988761572063d14e337fad553b7
-
SHA256
382cd77eaf4310f37b17ab5e5bf30551bee69c7b376b97730eeff549e828990e
-
SHA512
4802ce6c5aa0480635e381d8ebb5531ffa091560231472234b12cb5ee378a9ca07695dd5d2acb403031457888760f1c624ae76c213bac63953d73d7283be56ff
-
SSDEEP
24576:Y77rvBoAP5e1mGwEOfHAtDtqYHN5B3IS6JwXWxc+S9hHOK:Y77BYwEsgt9N7Ynhxo9hHV
Static task
static1
Behavioral task
behavioral1
Sample
8e16304b756988b8fedf67c9c0eee38873fa743a2e9beae9bfc7bc44206e6a5d.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
8e16304b756988b8fedf67c9c0eee38873fa743a2e9beae9bfc7bc44206e6a5d.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
darkcloud
- email_from
- email_to
Targets
-
Target
8e16304b756988b8fedf67c9c0eee38873fa743a2e9beae9bfc7bc44206e6a5d.exe
-
Size
1.3MB
-
MD5
977f2ac7c4ccb4b8b4a5f961ff2aa6fe
-
SHA1
04039b7f69cc9264ad41029b916110bbef44a896
-
SHA256
8e16304b756988b8fedf67c9c0eee38873fa743a2e9beae9bfc7bc44206e6a5d
-
SHA512
7f714f944412e68b8743a66fbe5e266f47491bd2178bc34e1192fcf8892563f99af43ae3d07f2a8066fa89a3bd77dd2dfd2ff196444ac9cad924ba98f02540b7
-
SSDEEP
24576:aTbBv5rUDoZ++AdLAXjXXRQFX8KZ4IXIJJpUUBQjqfYTfz7V2EggiVEoWc:sBpZ+HdUtQSVLzUUZ8V2Egf
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-