General
-
Target
56865b02e4db16957d53b8ffaa0f533ffdd9465dbebe90d44bc936a54cd37468
-
Size
1000KB
-
Sample
240930-m9578asamr
-
MD5
cb4cce46a111d52238d23b181d820781
-
SHA1
0925ed6491efd79f5bd12da759d9130f91464281
-
SHA256
56865b02e4db16957d53b8ffaa0f533ffdd9465dbebe90d44bc936a54cd37468
-
SHA512
671ac9ad5e1e0616a1769908dcb5e8375d8075c25c427c3132bddcb04a6d5598e3513a3a83894a1a4578a8e79b7c7e21481e93bbed4d83eccccc9d52c85118f4
-
SSDEEP
24576:2Uxcq3wP+jdUdxUr5sxJVe+U0QLw8qDcN3D7FxQ:WrP+jdUdur5sxJY+U0z8qQ9
Static task
static1
Behavioral task
behavioral1
Sample
56865b02e4db16957d53b8ffaa0f533ffdd9465dbebe90d44bc936a54cd37468.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcloud
- email_from
- email_to
Targets
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-