General
Target: PI YW-201123.zip
Size: 323KB
Sample: 230720-ndpq2agf8v
MD5: 2fcca15c1395bb3ff8f85df226fa1e64
SHA1: 7a8e817d7d14900c70f9c67266d80b7cb2d97931
SHA256: 6d9352c69f57555cb6d8a4c038bf6d37259136618429c9432c13516701e27274
SHA512: 79bb096d07f6ec5923f7c92d19180d6363e07538c85328932a25b0c8120a136cbf4dc72e83f152d0d7e104e7ea431f0a8b9521ff6b40fdaf5f4222973f3b6d89
SSDEEP: 6144:gpU8PLHReXARAPY41jUiwI5mPqQy3LKjVdTuSBD0StUpbqa1Aov0BBOSS0VxOP:qPLxe+APY+UiBQybKjfT/+OIqPPOP
Static task: static1
Behavioral task: behavioral1
Sample: PI YW-201123.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: PI YW-201123.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted
darkcloud
- email_from
- email_to
Targets
Target: PI YW-201123.exe
Size: 338KB
MD5: 27de92ea28f11ed9a1b327f6df81deab
SHA1: 5e4bd89351040e293aa47a65c83c4705a92ed0fb
SHA256: d46f7e127f48d7fc3d018fd53e2c7d473c6c54d1f3e2cabec145becbd247a717
SHA512: e1e08d7a03a410b785f9d699b3aad97620f397c2898e0447482c731fd24e29fdf756ccf178a918782e12ef7f70263a565659c29a35e32bbbbfd78b4b4f5f7328
SSDEEP: 6144:PYa6usXhrARAhY41lUkwS5mr4Qy9LKjVdluSBXgStypbqK1AonEBDOES0VYOu:PY4q4AhYmUkbQyJKjfl/mOqAjKOu
Score: 10/10
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext