General

Target: 2049983c8bc3bc8bfd8eb95e01e56071ed1833b01a6923133d1238aa904f01d4.exe
Size: 921KB
Sample: 240417-bhv3dsah8s
MD5: 9fe6dfcb679f1fb1c5a7c8c6269373ef
SHA1: 0fa13c67f2642390e7aa402a1e3383429703572b
SHA256: 2049983c8bc3bc8bfd8eb95e01e56071ed1833b01a6923133d1238aa904f01d4
SHA512: bb33ec9b0e3579dad182b439ed8954d622124ba611eaeeb5bb93920a765c963da1de94da8895bf0e151ebef1380bf024606bff3fb9e2d4df7b14c8de2ff19e3c
SSDEEP: 12288:9jbl5URBsle4E3NgwUaDTm4V4CxOaVhGDvnKYI6kQLGjouEu80Lx+wnMCwwrb2pp:1E3lUa/mQ4CxOASRKQLWsxVag8avn
Static task: static1
Behavioral task: behavioral1
  Sample: 2049983c8bc3bc8bfd8eb95e01e56071ed1833b01a6923133d1238aa904f01d4.exe
  Resource: win7-20240221-en
Malware Config

Extracted
Family: darkcloud
C2: https://api.telegram.org/bot7070490418:AAFJ-COsGzz3b8scJZVCXnt58-J1srUH5DQ/sendMessage?chat_id=5590273095
(Telegram Bot API sendMessage endpoint: bot ID 7070490418, destination chat_id 5590273095. The string after the colon in the bot path is the bot's secret token, i.e. a live credential; the bot ID and chat_id are the stable identifiers to share as indicators.)
Targets

Target: 2049983c8bc3bc8bfd8eb95e01e56071ed1833b01a6923133d1238aa904f01d4.exe
Size: 921KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General (same file).

Signatures:
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers
- Detects executables packed with SmartAssembly
- Detects executables using Telegram Chat Bot
- UPX dump on OEP (original entry point)
- Suspicious use of SetThreadContext
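The following Python script is an added example and is not code from the sandbox report, from the sample, or from any analysis tool named on this page. It implements the kind of check behind the extracted Malware Config and the "Detects executables using Telegram Chat Bot" signature: it scans a binary image for Telegram Bot API URLs of the shape https://api.telegram.org/bot<id>:<secret>/<method>?chat_id=<id>, in both single-byte and UTF-16LE string encodings, and splits each hit into bot ID, secret and chat_id so the secret can be masked before the indicator is shared. The SAMPLE_IMAGE bytes, the tokens and the chat IDs in it are constructed placeholders that only mimic the shape of the config above, not content of the real file; the token regex (numeric bot ID, colon, 30-45 characters of [A-Za-z0-9_-]) is an assumption based on the format of the token on this page.

```python
"""Find Telegram Bot API exfiltration endpoints in a binary image.

Added example (not code from the sandbox report or the sample): locates URLs of the
shape https://api.telegram.org/bot<id>:<secret>/<method>?chat_id=<id> in raw bytes,
handling both single-byte and UTF-16LE string encodings.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Token shape is an assumption from the token format seen on this page: a numeric bot ID,
# a colon, then a 30-45 character secret of [A-Za-z0-9_-] (35 characters is the usual length).
TELEGRAM_URL_RE = re.compile(
    rb"https?://api\.telegram\.org/bot"
    rb"(?P<bot_id>\d{6,12}):(?P<secret>[A-Za-z0-9_-]{30,45})"
    rb"/(?P<method>[A-Za-z]+)"                # sendMessage, sendDocument, ...
    rb"(?:\?chat_id=(?P<chat_id>-?\d+))?"     # destination chat, when present in the literal
)


@dataclass(frozen=True)
class TelegramEndpoint:
    offset: int          # byte offset of the URL in the scanned image
    encoding: str        # "ascii" or "utf-16le"
    bot_id: str
    secret: str
    method: str
    chat_id: Optional[str]

    @property
    def token(self) -> str:
        return f"{self.bot_id}:{self.secret}"

    def redacted(self) -> str:
        """Indicator-safe rendering: bot_id and chat_id are stable identifiers; the secret
        is a live credential and is masked except for its first four characters."""
        masked = self.secret[:4] + "*" * (len(self.secret) - 4)
        return f"bot{self.bot_id}:{masked}/{self.method}?chat_id={self.chat_id}"


def _endpoint(m: "re.Match[bytes]", offset: int, encoding: str) -> TelegramEndpoint:
    return TelegramEndpoint(
        offset=offset,
        encoding=encoding,
        bot_id=m["bot_id"].decode(),
        secret=m["secret"].decode(),
        method=m["method"].decode(),
        chat_id=m["chat_id"].decode() if m["chat_id"] is not None else None,
    )


def find_telegram_endpoints(data: bytes) -> List[TelegramEndpoint]:
    hits: List[TelegramEndpoint] = []

    # 1. Plain single-byte strings.
    for m in TELEGRAM_URL_RE.finditer(data):
        hits.append(_endpoint(m, m.start(), "ascii"))

    # 2. UTF-16LE strings (the usual encoding of .NET/Win32 wide string literals): every
    #    text byte is followed by a NUL. De-interleave at both byte alignments, match on
    #    the narrow view, then confirm the skipped bytes really were NUL over the match.
    for phase in (0, 1):
        narrow = data[phase::2]
        for m in TELEGRAM_URL_RE.finditer(narrow):
            start = phase + 2 * m.start()
            n = m.end() - m.start()
            high_bytes = data[start + 1 : start + 1 + 2 * n : 2]
            if len(high_bytes) == n and not high_bytes.strip(b"\x00"):
                hits.append(_endpoint(m, start, "utf-16le"))

    return sorted(hits, key=lambda h: h.offset)


# Constructed sample image: NOT bytes of the real file. The tokens and chat IDs are
# placeholders that only mimic the shape of the report's extracted config.
FAKE_TOKEN_A = b"1234567890:" + b"A" * 35
FAKE_TOKEN_B = b"9876543210:" + b"B" * 35
SAMPLE_IMAGE = (
    b"\x00" * 16 + b"MZ\x90\x00" + b"junk"                                    # 24 bytes of padding
    + b"https://api.telegram.org/bot" + FAKE_TOKEN_A
    + b"/sendMessage?chat_id=1122334455" + b"\x00"                             # narrow literal at offset 24
    + b"\x00" * 7                                                              # push the next one to an odd offset
    + (b"https://api.telegram.org/bot" + FAKE_TOKEN_B
       + b"/sendDocument?chat_id=-1001234567890").decode().encode("utf-16le")  # wide literal at offset 137
    + b"\x00" * 8
)

if __name__ == "__main__":
    for hit in find_telegram_endpoints(SAMPLE_IMAGE):
        print(f"{hit.offset:#08x} {hit.encoding:8} {hit.redacted()}")
```

Run it against a memory dump or unpacked image rather than the on-disk file: this report flags SmartAssembly packing and a UPX dump on the original entry point, so the string literal is unlikely to be visible in the packed sample. Report hits through redacted() so the bot ID and chat_id (the durable indicators) travel without the secret.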