General
Target: Invoice.exe
Size: 925KB
Sample: 230719-qp3s5sgc45
MD5: 8c3cb6cbee384a1cbff8d1b9a21db88f
SHA1: e8fd0931672e37c9322f8f6b5c63cf04f64aab55
SHA256: df9601c2abefafaf4da2b6b95d6beb6a8f59d62e527cb803879f49e12bc6a798
SHA512: 14df62424872ee2bd3c79549a2b7523cc5561575e4e8fd1b825a901b693dd650bfebc436a94afaa6cac512d0d77d5cd523848df4d4e7b93e20d3bd6377b6fe14
SSDEEP: 24576:dCfzW/ZbGA4dx8ZJ7R1nSoQ8sY3hq/vcchDj2NkWIl:oa/1GA4dmZJ11nSONA/vwOWI
Static task: static1
Behavioral task: behavioral1
Sample: Invoice.exe
Resource: win7-20230712-en
Malware Config
Extracted
darkcloud
https://api.telegram.org/bot6286742839:AAEBPY8dNKiSbc20pxOzagMixRMMK1n0Jro/sendMessage?chat_id=6398779288
Targets
Target
Invoice.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-