General
- Target: 0a8cd02d2ce087bd385a07dc8c27e8af85bfb4a0.zip
- Size: 777B
- Sample: 240503-nn95qafe44
- MD5: 70c1a01506503d66b2a2729f4e23719c
- SHA1: 5858a84143019ddc9cb3bd8e46e53ef7675305a2
- SHA256: 866019641f3374234b67045e063ec6514e811f1636e49b9bc3d54441bb4a6741
- SHA512: 4689c2472cf9537c7ccba4943714df9e5733688f40662804984d57fc59c57c9cee6c72b6585fb28d48f5c747e8dc17a1bea9054d2726c08c16a1be19d305bccb
Static task: static1
Behavioral task: behavioral1
Sample: SOA_XSL.wsf
Resource: win7-20240221-en
Malware Config
Extracted: darkcloud
- email_from: igor.bos@vinoterra.ru
- email_to: office.tony39@mail.ru
Targets
- Target: SOA_XSL.wsf
- Size: 795B
- MD5: 644ca3a3f10afbeab56d93ce4ad7f0ba
- SHA1: ef5dcb8a6e1a1152d116411f784a609c8f870a0a
- SHA256: 377180ae7109057e5f8403307834211a4c75a584be3090552cb059e52bf4a192
- SHA512: da09d35e3dabf0f4c4d541b0322ca1e2600522d7d41abc6adf04d568a58af8a98e89bbcd83a67869e1becaf6fda412aaf0762f1465e47faceaf06293d1db27ea
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext