General
Target: payment copy.zip
Size: 324KB
Sample: 230719-pg6pdsed44
MD5: 2beb4f208d4706f75d280ed90db1fddd
SHA1: e446e9e9e063d42b742ce3c850c8b760905c0b41
SHA256: b5ed694869ce7b707583fbd633e3ae3d1d9e5fb305d2da3204c9e99a1599812e
SHA512: f3b59c51813d59aafc2de5b3c8a6b1dcace8981a45146825cb51c7255f14b992bba8aba2573ff5e54f03077f43d7ee4e22c70fe004bafd0ccf46a4ea1d78bd52
SSDEEP: 6144:MpU8PLmCMEjPv99EhpOnJHf8a/zuG/+H89IjtASl7mdPPYqSto0mo371mBytU:WPLqSPv99EhpOn19/g89xSodPPktWo3+
Static task: static1
Behavioral task: behavioral1
  Sample: payment copy.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: payment copy.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: darkcloud
  email_from:
  email_to:
Targets
Target: payment copy.exe
Size: 339KB
MD5: 157b32a3be2d4086e30791c096ac89d3
SHA1: e391ef105902acff54e472bd28f59d3989f10137
SHA256: 500546314c612ba53f7c5ba4a2a48fefc627f967d885628887a39b253ca84ea2
SHA512: 50fbb3866841524e14b9d5f1a3e030606ef043ea26362cebf98a769ef156f81e2a2f5eba73dc507c2b790a51bff5734cb4cabf067cbc68a62d8a4fb7679119ff
SSDEEP: 6144:/Ya6E2BEfPv9jEthOTJHr8a/zcG/YH85Ij3ASl7cdPPUqSt+0Qod7qmByte:/YaAwPv9jEthOTdD/e85ZSydPPAt2odV
Score: 10/10
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext