General
Target: e073f03ad4da07937d0b2d4879e556104257ca2b293ed31de3d86b25e498a6cb
Size: 827KB
Sample: 240417-rwjvaacb37
MD5: 4506ed7369b02ba16ece09a2afc17619
SHA1: 4d4832c0ab9fb92b9a51867daf5a4d8c3fa61ef4
SHA256: e073f03ad4da07937d0b2d4879e556104257ca2b293ed31de3d86b25e498a6cb
SHA512: 73022f32fcc7a08bf9e59036908ce9c903d4391f0c9b823d344df5eaa52f591eceb54882bd4345143a346f6629f6b80e3bb889c0c30f002c5dbef02642ab1e21
SSDEEP: 12288:nyxGi98NnthhMb2adWgk+ffrGAUUcVIqTh7X8uYAgLTJqz6CCV6+ljlgzLLSdcos:82WTIz8jvUJxMuY9EzOV6+HKfSdLKCG
Static task: static1
Behavioral task: behavioral1
Sample: 0dd421edda69a829b7b9d025fd81f947085c0b3a54d9025312823a56c2b5df83.exe
Resource: win7-20240221-en
Malware Config
Extracted: darkcloud
email_from: info@gtvbedding.com
email_to: info@gtvbedding.com
Targets
Target: 0dd421edda69a829b7b9d025fd81f947085c0b3a54d9025312823a56c2b5df83.exe
Size: 877KB
MD5: 173aa6b5c260b3e19f1b979f054b02b0
SHA1: 9ea4da05677968a322acf4330699e76b31676130
SHA256: 0dd421edda69a829b7b9d025fd81f947085c0b3a54d9025312823a56c2b5df83
SHA512: 29415d7778eb7d1275815f1bcee0c3f0613f300df29172ab03d63c119491af6ced57c25c39ed27e010c0e7ce7be87de216bf2757480db9fd392b95c1f8282d51
SSDEEP: 24576:L/UAc8bshd1ixMpqvhnjqJR33ulonktC+FMIpSmUrSGG:L/U8bI1+MMv5YwloWCZU0m7
Signatures
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext
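As an added example, not taken from the sandbox report or from the DarkCloud sample, the following Python script applies the two signature descriptions above to a constructed API-call trace. The tab-separated trace format, the pids, and the use of the `Control Panel\International\Geo\Nation` registry value (the value `GetUserGeoID` reads) are assumptions made for illustration; the CREATE_SUSPENDED flag value 0x4 is the documented Win32 constant.

```python
"""Toy detector for two sandbox-style signatures over a constructed API trace.

Assumed trace format (not any real sandbox's format):
    <pid>\t<api>\t<key=value>\t<key=value>...
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Registry value read by GetUserGeoID(); a read of it is the behaviour the
# "Checks computer location settings" signature describes (path assumed).
GEO_NATION_VALUE = r"\control panel\international\geo\nation"

CREATE_SUSPENDED = 0x4  # documented dwCreationFlags bit for CreateProcess


@dataclass
class Call:
    pid: int
    api: str
    args: Dict[str, str]


def parse(lines: Iterable[str]) -> List[Call]:
    """Parse tab-separated trace lines; non-conforming lines are skipped."""
    calls: List[Call] = []
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 2 or not parts[0].isdigit():
            continue
        args = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        calls.append(Call(int(parts[0]), parts[1], args))
    return calls


def checks_location_settings(calls: List[Call]) -> bool:
    """True if any registry query touches the Geo\\Nation (country code) value."""
    return any(
        c.api.startswith(("RegQueryValueEx", "NtQueryValueKey"))
        and GEO_NATION_VALUE in c.args.get("key", "").lower()
        for c in calls
    )


def suspicious_setthreadcontext(calls: List[Call]) -> List[Tuple[int, int]]:
    """Return (parent_pid, child_pid) pairs where a process created a child
    suspended, wrote into it, and then set a thread context in it.

    A process calling SetThreadContext on its own threads (e.g. exception
    handling, debuggers) is deliberately not flagged.
    """
    suspended = set()  # child pids created with CREATE_SUSPENDED
    written = set()    # those children whose memory the parent has written
    hits: List[Tuple[int, int]] = []
    for c in calls:
        if c.api.startswith("CreateProcess"):
            flags = int(c.args.get("flags", "0"), 0)
            if flags & CREATE_SUSPENDED and "child_pid" in c.args:
                suspended.add(int(c.args["child_pid"]))
        elif c.api == "WriteProcessMemory":
            target = int(c.args.get("target_pid", "-1"))
            if target in suspended:
                written.add(target)
        elif c.api == "SetThreadContext":
            target = int(c.args.get("target_pid", "-1"))
            if target != c.pid and target in written:
                hits.append((c.pid, target))
    return hits


# Constructed sample trace (not real sandbox output).
SAMPLE_TRACE = [
    "1337\tRegOpenKeyExW\tkey=HKCU\\Control Panel\\International\\Geo",
    "1337\tRegQueryValueExW\tkey=HKCU\\Control Panel\\International\\Geo\\Nation",
    "1337\tCreateProcessW\timage=C:\\Windows\\System32\\svchost.exe\tflags=0x4\tchild_pid=2024",
    "1337\tWriteProcessMemory\ttarget_pid=2024\tsize=0x9000",
    "1337\tSetThreadContext\ttarget_pid=2024\ttid=2028",
    "1337\tResumeThread\ttarget_pid=2024\ttid=2028",
    "4444\tSetThreadContext\ttarget_pid=4444\ttid=4450",  # self, benign
]


def run(lines: Iterable[str]) -> Dict[str, object]:
    calls = parse(lines)
    return {
        "checks_location_settings": checks_location_settings(calls),
        "suspicious_setthreadcontext": suspicious_setthreadcontext(calls),
    }


if __name__ == "__main__":
    for name, result in run(SAMPLE_TRACE).items():
        print(f"{name}: {result}")
```

The SetThreadContext rule is sequence-based on purpose: the API on its own is common in benign code, so the detector only fires when the caller first created the target suspended and wrote into it, which is the pattern that makes the sandbox signature "suspicious" rather than merely informational.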