General
-
Target
receipt of full payment.xz
-
Size
803KB
-
Sample
240125-vqtn3sbdb9
-
MD5
b14b168d420d5450d9527d875c874100
-
SHA1
0e15cbb043f8cdf4724be2264260d7f2f42cceba
-
SHA256
53f4f2fdacb71053c9f371a052d8deb9cd0dc357313f88e20a96c2c10588042b
-
SHA512
d21d7fa50172c9e85f59df512b9ad9a4f03dd3e3625c8eca973ad0225fb1ecf48a12762a79be88a08ea86abfd6b1383caab5ecb03fc5f0b8cb58aa62b57d3056
-
SSDEEP
24576:pFBvuyYTaqSTGxdsHMFRbEbS4GzlxST/DH6Yq:lvuywpSTG0HMQSvzlxe6
Static task
static1
Behavioral task
behavioral1
Sample
receipt of full payment.exe
Resource
win7-20231129-en
Malware Config
Extracted
darkcloud
- email_from
- email_to
Targets
-
-
Target
receipt of full payment.exe
-
Size
918KB
-
MD5
dc8adcc624f9599d45e5e3b63411e4c7
-
SHA1
65f0b0f038f3969d5080ec79ce559093b217c467
-
SHA256
2c2ca8d1a75eef32da01814983a7a3dbddff14915ae96346af68dc29c65db7ea
-
SHA512
51443b901a0abd5a74d69e22ec66367604a3b4005256efe3c96c843e5873ec158cec4dcc647508ca682975434514cf88977f170b6586bc31ae69b360919ce41e
-
SSDEEP
12288:mlUgySozdUd283S5qgkFCxjI4s+gGL+i7vJ0TG/r7jam+VM/NwNVJdPFZdVBo6U1:8mFudCDkFCx84OG9Brj7emT/NCVJdz
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-