General
Target: 833d4eec088b34350953aef276a426e8c0bc2d172e7526d593c0a14333b9d9b2.exe
Size: 1.0MB
Sample: 240503-b766yseb87
MD5: e0123b4cd87687d591b1906fc180a7a7
SHA1: 227f10ad5e0bd239930eba7d9786f1a2f47474b7
SHA256: 833d4eec088b34350953aef276a426e8c0bc2d172e7526d593c0a14333b9d9b2
SHA512: 6b3a1b209830f7dad204f00190acdfb3a6238c1a5831d6514a64fe104a967e66da1c5b6896fcbd48a64f562ad091e0c11cbc1dc3b7e5b5fcf1c3cb222ddb35fc
SSDEEP: 12288:TCWD4xZKxWWqvXHYXkX08C5KkpfqeH3cXiyQIOlMHAg:fD4xZKxIXzJWBpfqeHMS9+
Static task: static1
Behavioral task: behavioral1
Sample: 833d4eec088b34350953aef276a426e8c0bc2d172e7526d593c0a14333b9d9b2.exe
Resource: win7-20240221-en
Malware Config
Extracted: darkcloud
https://api.telegram.org/bot7148308455:AAGrdlRzhjt8mx31-dFYXt4kvhbFnphSlSg/sendMessage?chat_id=6542615755
Targets
Target: 833d4eec088b34350953aef276a426e8c0bc2d172e7526d593c0a14333b9d9b2.exe
Signatures
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers
- Detects executables using Telegram Chat Bot
- UPX dump on OEP (original entry point)
- Suspicious use of SetThreadContext