General
-
Target
z10RFQ-202401.exe
-
Size
1021KB
-
Sample
241009-hs8jssvgqg
-
MD5
82a8f6b951126abaa0e884cb6e5a9b19
-
SHA1
7eb443ea956a5de3159dd38206460809345d1436
-
SHA256
ec0d72589beb5612e587061560e3b55a728b71642f60b1d4ae095bcdaab57fc8
-
SHA512
07fcd2fd9366072a5d602726f16fb0b832e2e1ad122da0f4ec30bf3bb8042c92bd7d76ae5a0a47bcf6a973fa6add07f617207616377f95aa47ee8971a0b685b1
-
SSDEEP
24576:JoaKAfTxOCPSKRxHkB6a6Fbdh9WWUO4dJ7EE:JoaKyTxrvxHTaebbsoE
Static task
static1
Behavioral task
behavioral1
Sample
z10RFQ-202401.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcloud
https://api.telegram.org/bot5723230539:AAHXr6rmQsEsq1CdwKBxLF-mnANEsBE4mYk
Targets
-
-
Target
z10RFQ-202401.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-