General
-
Target
66645939bd6645c87153990dd60e2193733d99f2cb61fcfc16bd140793ed1e8d
-
Size
633KB
-
Sample
240417-rvmjsade7x
-
MD5
218cabed0002eb706465155f72e288fe
-
SHA1
0691acc82b975b1b3f240ac54a00fe3836c3bf51
-
SHA256
66645939bd6645c87153990dd60e2193733d99f2cb61fcfc16bd140793ed1e8d
-
SHA512
890af681d7fc297735a6ae89c7e86e7b9596c8ffe23a39f9a2bab0c8130ccce2d4a234b287c1240f0341c5a449e307fbc1e458b018a7198d62c6737bb6061d39
-
SSDEEP
12288:LbAj0jX4TrPl3ts21nPVZ1J9sFnnOXVaGl8E/xP09pQxvVuI1IYjnRl:/MWX4d3tPnPVZ1vsFnOXVa9210vQlgIN
Static task
static1
Behavioral task
behavioral1
Sample
5ecbfb33b1adf9c70b5f79f15f78b4672bb458c1bde52985e4dd7ba6c046465f.exe
Resource
win7-20240221-en
Malware Config
Extracted
darkcloud
https://api.telegram.org/bot6746383234:AAHJ0bggxpanHasWvjMSekrXd1f03jgHZUM/sendMessage?chat_id=6475103768
Targets
-
-
Target
5ecbfb33b1adf9c70b5f79f15f78b4672bb458c1bde52985e4dd7ba6c046465f.exe
-
Size
703KB
-
MD5
434d182e6e4584f65a8c5f61b2bee723
-
SHA1
fe7632a9cbcec011843577a248b3f40376e4698b
-
SHA256
5ecbfb33b1adf9c70b5f79f15f78b4672bb458c1bde52985e4dd7ba6c046465f
-
SHA512
91ef5b8953e0f1202d46b618239776532077ca7a8f3c3e8d1617ee8dd716f4d9e5ce83511e05bb902be31302b473291e05442a760cd4eb9c886cb9a7276be26b
-
SSDEEP
12288:WbiAgYGp7Ev7BUbYCriqEbT0INP9HfBVKqk6MU21NX4alwiXSqtqgj:Fgv7BOTGYPU4XjDSqtq
-
Drops startup file
-
Suspicious use of SetThreadContext
-