General
-
Target
PO24666740142023.IMG.bin
-
Size
1.5MB
-
Sample
230505-zqdp3sec75
-
MD5
a39fa900e8f2d23ebb073ff6e3fe36b2
-
SHA1
efd3329426800d4398e2e4667e7b0944b9433501
-
SHA256
2633a9aca0a8101f39545e1550bfc268e2fb54bf908ece59d52b3655c12f3a3c
-
SHA512
fdde313ff3b383f69b86d76f567598ee011b56015bf1125487414c03926a74f547e5f47f7fc275108b8b0c5eabab5f808e2a62c19fd6edb97a1b4f57a06c14c6
-
SSDEEP
24576:GIwfHLXcqHmsISQPIbMID5K2W+W3Grh9dCHOd:TgHzcBjSiADW3GF9dC
Static task
static1
Behavioral task
behavioral1
Sample
PO246667.exe
Resource
win7-20230220-en
Malware Config
Extracted
darkcloud
https://api.telegram.org/bot6267068129:AAE4AO_gQGAeEakYl26r7KthrUjdWAdy5c0/sendMessage?chat_id=1909112828
Targets
-
-
Target
PO246667.EXE
-
Size
965KB
-
MD5
fec478d2dbf1e189bec7b5460d552d68
-
SHA1
be6d0ae94e8a8fe44226683b95e1704fe5c8c989
-
SHA256
706c16f29d4d4e71ce3790dc3b1297373fd2485dd3b4535df307fba02083c3e8
-
SHA512
5927e0076267d64d5e39147964a6ab8facba2908740be2ba6c1d94adb528831fee29f8d02edc68f737df5dbc672e87f9fb820654cc03ef7404f59eb3f749a0b9
-
SSDEEP
24576:EIwfHLXcqHmsISQPIbMID5K2W+W3Grh9dCHOd:tgHzcBjSiADW3GF9dC
-
Suspicious use of SetThreadContext
-