General
Target: FOBPending.exe.bin
Size: 1.2MB
Sample: 230505-zg1s9agc5v
MD5: 5a7b4afc8d9c3dd58a10c88bee78a4e1
SHA1: 604d258a36a9dfdc200b7b050939b9805d4b3a63
SHA256: 7de19682e83250de593d83fb5c926f2bc3cffcafe408e100d36aca97d5c4f715
SHA512: 2e849cae4ca6673b193a35a587a21a93aee93eb78bdd6c177bd57fff8fbdf88d5a7de822b8e2f4e9635285ad9823fb174b46326d286c5a0628ca9424ddf175c0
SSDEEP: 24576:TTbBv5rUDAbVkNd5+3bZJaH9VBIpUUBQjqfYTj1Wz7V2EggiVEUsG:NBDeT+bZwH9VBgUUZRV2EgTsG
Static task: static1
Behavioral task: behavioral1
  Sample: FOBPending.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: FOBPending.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted (family: darkcloud)
URL: https://api.telegram.org/bot5261540771:AAHpybxDtEnwQtX4w7iGcSpo7-vbVF4FJuk/sendMessage?chat_id=5130831629
Targets
Score: 10/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext