General
Target: payment23680.00.exe.bin
Size: 1.1MB
Sample: 230505-zp2qhsec42
MD5: c967dc56f4b18b51dbf16aa276da9561
SHA1: d6481b2bff7fdae85eeea5d93585f909d84cc9c0
SHA256: 1fc2517f39da363bb029b78eabb712d7ffe75f2dc5f114ff6968283ee881f4d8
SHA512: 69aef710a7e8d2dd519e19b55877e2f843db6170b7f792a8a0a6fb6b4f12c081fbd217469a7bac0d67084907769a95a912eab64e7ca17129aeae5122278f725a
SSDEEP: 24576:jTbBv5rUDWxz5LAXjXXRQFX8KZB8SpUUBQjqfYTfz7V2EggiVEn:9Bt5UtQSAnUUZ8V2EgS
Static task: static1
Behavioral task: behavioral1
  Sample: payment23680.00.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: payment23680.00.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted family: darkcloud
- email_from
- email_to
Targets
Target: payment23680.00.exe.bin
Size: 1.1MB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the General section above
Score: 10/10
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
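Two things a responder does with a report like this are confirm that a file in hand is the same sample and map endpoint telemetry to the behaviours the sandbox flagged. The script below is an added example, not code from the sandbox or from this report: the hashes are the ones listed above, but the event records, their field names (`kind`, `key`, `image`, `api`, `target_pid`), and the registry paths used to recognise a locale lookup, a Run-key write and a "dropped" location are constructed assumptions, since the report does not name the exact key the sample reads or where it drops files.

```python
"""Triage helpers for the sandbox report above (added example, not sandbox code).

Event records here are CONSTRUCTED for illustration; their field names are an
assumption, not the export format of any real EDR or Sysmon configuration.
"""
import hashlib
import re

# Digests exactly as reported for payment23680.00.exe.bin.
REPORT_HASHES = {
    "md5": "c967dc56f4b18b51dbf16aa276da9561",
    "sha1": "d6481b2bff7fdae85eeea5d93585f909d84cc9c0",
    "sha256": "1fc2517f39da363bb029b78eabb712d7ffe75f2dc5f114ff6968283ee881f4d8",
    "sha512": "69aef710a7e8d2dd519e19b55877e2f843db6170b7f792a8a0a6fb6b4f12c081"
              "fbd217469a7bac0d67084907769a95a912eab64e7ca17129aeae5122278f725a",
}


def hashes_of(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(hashes: dict, report: dict = REPORT_HASHES) -> bool:
    """True only if every digest the report lists agrees (case-insensitive)."""
    return all(hashes.get(k, "").lower() == v.lower() for k, v in report.items())


# Assumed registry paths: the report says "country code configured in the
# registry" without naming the key, so these are the usual locale locations,
# not necessarily the one this sample reads.
GEO_KEY_RE = re.compile(
    r"(\\Control Panel\\International\\|\\Nls\\Locale|\\Nls\\Language)", re.I)
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Assumed "dropped file" locations a sandbox would treat as suspicious.
DROP_DIR_RE = re.compile(r"\\(Temp|AppData\\(Local|Roaming)|ProgramData)\\", re.I)


def match_signatures(events: list) -> dict:
    """Return {signature_name: [event, ...]} for events that fit the report's
    five behaviours; events that fit none are ignored."""
    hits = {}

    def add(name, ev):
        hits.setdefault(name, []).append(ev)

    for ev in events:
        kind = ev.get("kind")
        image = ev.get("image", "")
        if kind == "reg_read" and GEO_KEY_RE.search(ev.get("key", "")):
            add("Checks computer location settings", ev)
        elif kind == "reg_write" and RUN_KEY_RE.search(ev.get("key", "")):
            add("Adds Run key to start application", ev)
        elif kind == "proc_create" and DROP_DIR_RE.search(image):
            add("Executes dropped EXE", ev)
        elif kind == "image_load" and DROP_DIR_RE.search(image) \
                and image.lower().endswith(".dll"):
            add("Loads dropped DLL", ev)
        # Assumption: SetThreadContext is flagged when aimed at a thread in
        # another process, the pattern seen in process hollowing.
        elif kind == "api_call" and ev.get("api") == "SetThreadContext" \
                and ev.get("target_pid") != ev.get("pid"):
            add("Suspicious use of SetThreadContext", ev)
    return hits


SIGNATURE_ORDER = [
    "Checks computer location settings", "Executes dropped EXE",
    "Loads dropped DLL", "Adds Run key to start application",
    "Suspicious use of SetThreadContext",
]


def triage(events: list) -> list:
    """Names of the report's signatures observed, in the report's order."""
    found = match_signatures(events)
    return [s for s in SIGNATURE_ORDER if s in found]


# Constructed telemetry, roughly what an endpoint agent would emit if all five
# behaviours occurred; NOT captured from the real sample.
SAMPLE_EVENTS = [
    {"kind": "reg_read", "pid": 1000,
     "key": r"HKCU\Control Panel\International\LocaleName"},
    {"kind": "proc_create", "pid": 1000, "child_pid": 1200,
     "image": r"C:\Users\user\AppData\Local\Temp\svc.exe"},
    {"kind": "image_load", "pid": 1200,
     "image": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"kind": "reg_write", "pid": 1200,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "data": r"C:\Users\user\AppData\Local\Temp\svc.exe"},
    {"kind": "api_call", "pid": 1200, "api": "SetThreadContext",
     "target_pid": 1300},
    {"kind": "reg_read", "pid": 1200,  # benign read, should not match
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"},
]

if __name__ == "__main__":
    for sig in triage(SAMPLE_EVENTS):
        print(sig)
```

To check a file on disk, call `matches_report(hashes_of(open(path, "rb").read()))`; SSDEEP is deliberately left out because it needs a third-party library and a fuzzy match is not a confirmation of identity anyway. The regexes are broad on purpose: the aim is to recognise the behaviour class the sandbox named, not to fingerprint this one sample, so tune `DROP_DIR_RE` to the directories your own telemetry actually reports.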