General
-
Target
payment copy.exe
-
Size
339KB
-
Sample
230719-n456pseb93
-
MD5
157b32a3be2d4086e30791c096ac89d3
-
SHA1
e391ef105902acff54e472bd28f59d3989f10137
-
SHA256
500546314c612ba53f7c5ba4a2a48fefc627f967d885628887a39b253ca84ea2
-
SHA512
50fbb3866841524e14b9d5f1a3e030606ef043ea26362cebf98a769ef156f81e2a2f5eba73dc507c2b790a51bff5734cb4cabf067cbc68a62d8a4fb7679119ff
-
SSDEEP
6144:/Ya6E2BEfPv9jEthOTJHr8a/zcG/YH85Ij3ASl7cdPPUqSt+0Qod7qmByte:/YaAwPv9jEthOTdD/e85ZSydPPAt2odV
Static task
static1
Behavioral task
behavioral1
Sample
payment copy.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
payment copy.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
darkcloud
- email_from
- email_to
Targets
Target
payment copy.exe
Score
10/10
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-