General

  • Target

    FACTURA07655670000.exe

  • Size

    954KB

  • Sample

    240710-gh1wjasckb

  • MD5

    88d1b932294e7de67548c5b6b3ff0b6a

  • SHA1

    656134eab5eaba39f66e377139a167a7f17e2055

  • SHA256

    38fadfd8efeef9ec2c93f281a9c089687a8297421846bd3661160af5e9752ef1

  • SHA512

    467dff90d25fa4f01c454e566294ab74cbada3635c290a06fd6b33455704d730b59c42de4ff2447b2d449e4e63c2b6f9937ae4f9cc17ff7f66f612c9227365b2

  • SSDEEP

    24576:sTCBq8jt7SS2KlHSSqlZiOLmNZc3zfY98LCc6Cf4rewoKCu:ssFq6NZc3z7CLC23

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks