General
-
Target
PRE ALERT DOCUMENTS.exe
-
Size
905KB
-
Sample
230721-g6mc2scc77
-
MD5
c1128956f3a5d97d01eb3a9a63fce28e
-
SHA1
24472f38948b2bc2e7fcce07d3ba6f68a78b06d1
-
SHA256
83c649919324adc6fddf8db7fbfb4750b8d990e0d1a25edda7b4f0cdcd044d05
-
SHA512
55576b2afe96c9948b6503f46377b682714b818a97f02407b7a46a6212320f794b50d812eac1c35245fff966b790857a399a5835fc173c76882a2526f7cd3296
-
SSDEEP
12288:lMS6ln+flo/XciMvDlFonmnE3eNOLyS/H/g1EpBDi34fp2GYfpdS0/WliOVAy/Mn:lFTdCjEsKieONco6cYvS0/9OVAy/L
Static task
static1
Behavioral task
behavioral1
Sample
PRE ALERT DOCUMENTS.exe
Resource
win7-20230712-en
Malware Config
Extracted
darkcloud
- email_from
- email_to
Targets
-
Target
PRE ALERT DOCUMENTS.exe
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-