Extracted

• • Target

    Invoice2309922.com_JC.exe

  • Size

    702KB

  • MD5

    3a6886baeb6c351421616a021d6069f2

  • SHA1

    dbfdc3dac2f74749e39a362abf61aab9274050c4

  • SHA256

    133c2603584de05cfbcf81e95218a83e91efb306961d5c337c4636a6eb47ee45

  • SHA512

    c277b71d15cb5c9fb08a69acdefff5e659046b0b59bcfb15834717283041831f217716f888108cc24562c8be3c2dbf6796207fa144102a0a67f7fdeb5aa1d928

  • SSDEEP

    12288:sGBLZp4l3hsKsH8CVK6v/0Nd0MTcu1ZZSNV5t+eROzHJGZ1mnU:ssImYf0M4biGm

  Score

  10^/10

  darkcloudstealer

  • DarkCloud

    An information stealer written in Visual Basic.

    stealerdarkcloud

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2