General
-
Target
BANK STATEMENT REPORT.exe
-
Size
981KB
-
Sample
241003-g5224ssfqg
-
MD5
11e3eec9035239203976f9847453ece4
-
SHA1
6198ac8abbf805341fe982dbb76f676fddb280bb
-
SHA256
88b07657500a548ed8476fa415896d2179c307d4751917ca892119c3fff120b0
-
SHA512
0a3e247cd1168bb91a37b8dfe50a2f20f3ef0d81e4edfe3a209ed7badd9caacdc639e2d0285ddfcdb0a75eaf90d37b21c57c838264b3f3431f3a27c560d1ab14
-
SSDEEP
24576:bnOxmRc2cFD8ej9XqzazPMi9J3/KEYTVOSET:Cxm22c7XXN9J3fR
Static task
static1
Behavioral task
behavioral1
Sample
BANK STATEMENT REPORT.exe
Resource
win7-20240903-en
Malware Config
Extracted
darkcloud
- email_from
- email_to
Targets
-
-
Target
BANK STATEMENT REPORT.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-