General
-
Target
PROFORMA INVOICE.arj
-
Size
884KB
-
Sample
241003-e6m88sycpb
-
MD5
3f9ad9cebe273f2e650ed2357905ff26
-
SHA1
fa9671fb630829739846c136629ab48ae3d689f0
-
SHA256
ccdf54b8450d34d8c6a114598278a88b1807d6c5e447f45b746acc14193e773a
-
SHA512
8ce2b3c803e0491ba67900c87248bbabf711b7cbebe817eaaad97b1bf8d3ce00f1964a799f4dc3d06c771dfefed7af6317725ca250e7837bc456094c7d9fcccd
-
SSDEEP
12288:BRelGnwr8TpUaY5oLdIXFhgEfoiJ2T0x3YMo90gmNlGLMxlryedyVriSjF1tpbAJ:+lOPyaYee1SRDMYJ0g0lGLMbypJc3uS
Static task
static1
Behavioral task
behavioral1
Sample
PROFORMA INVOICE.exe
Resource
win7-20240903-en
Malware Config
Extracted
darkcloud
- email_from
- email_to
Targets
-
-
Target
PROFORMA INVOICE.exe
-
Size
982KB
-
MD5
89768b71499c0eb974853e8e3f0cf5c4
-
SHA1
be5b1ac72323e8e92643d3e0804d83b902ba486b
-
SHA256
5489a717a23f4b7e2f250429554bd8a3d744970e1bfabe2162c9eb2fa8c04df8
-
SHA512
badad67ac5109fe02d03f6685329ca30a057eb7b07706a1508854f86fd1339d578147e5beee0e084dc7eb6046288da26aefdbfea4e222eda005205307d962654
-
SSDEEP
24576:gWTx232DgTe6ATI2Kw5JdnFjXX7juCCmOhsN:jAV3ATIts1VXPuBh
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-