General
Target: PI YW-201123.exe
Size: 338KB
Sample: 230720-mkyf3sgc2y
MD5: 27de92ea28f11ed9a1b327f6df81deab
SHA1: 5e4bd89351040e293aa47a65c83c4705a92ed0fb
SHA256: d46f7e127f48d7fc3d018fd53e2c7d473c6c54d1f3e2cabec145becbd247a717
SHA512: e1e08d7a03a410b785f9d699b3aad97620f397c2898e0447482c731fd24e29fdf756ccf178a918782e12ef7f70263a565659c29a35e32bbbbfd78b4b4f5f7328
SSDEEP: 6144:PYa6usXhrARAhY41lUkwS5mr4Qy9LKjVdluSBXgStypbqK1AonEBDOES0VYOu:PY4q4AhYmUkbQyJKjfl/mOqAjKOu
Static task: static1
Behavioral task: behavioral1
Sample: PI YW-201123.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: PI YW-201123.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted
darkcloud
- email_from
- email_to
Targets
Target: PI YW-201123.exe
Size: 338KB
Score: 10/10
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext