General
-
Target
DBNote - CRNote _ DRAFT MBL HBL KGNSA2212999 ETD SHIPPING DOCS.exe
-
Size
343KB
-
Sample
230720-l18rbafg9v
-
MD5
0ebcaa089dd5f0c9ee4c628badfd8f7b
-
SHA1
9c675efec7954a6780004294084f78b2a06675ee
-
SHA256
c8bbb6208a9ca69f2baebf0b426af881e58cca8f3fb2b76359a459b6b3df2e83
-
SHA512
40fc2eab3d786742731adaff0f92bd3408f62aeeadac0d7cb5e3046ee683a9d407ae2f8e8a54de141b7a2208a33d645bd3e8725a4155e99f50ce75dbbb8e34f4
-
SSDEEP
6144:/Ya6AWuGwNYK0GTMKh6+KZvZu7sb08ZDONDTbxzhp7d2fdxCmEQnKVYhXaa1wrbr:/YmI3NKo+uvZjb08Nsrxz52fdEmEQnDq
Static task
static1
Behavioral task
behavioral1
Sample
DBNote - CRNote _ DRAFT MBL HBL KGNSA2212999 ETD SHIPPING DOCS.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
DBNote - CRNote _ DRAFT MBL HBL KGNSA2212999 ETD SHIPPING DOCS.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
darkcloud
- email_from
- email_to
Targets
-
-
Target
DBNote - CRNote _ DRAFT MBL HBL KGNSA2212999 ETD SHIPPING DOCS.exe
-
Score
10/10
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-