General
- Target: 19284564528.zip
- Size: 884KB
- Sample: 241010-fx1zeaybjf
- MD5: 6899cd58a6f22f7f087f1126c4eb7745
- SHA1: 70885ca8e9605d87b6390e73935145e4d3224494
- SHA256: 88c5e6caa9880e682f748b55da70450279adf5d568bbf72a1522a39db199212f
- SHA512: 77907697000ca1a44e080f5f3ad47b57873c25d0ad127cce44daf1f54cff1578a817f667a391929e6a9ae53eee6e80b205c1d2bb8b7ac341cd85ed5068e47f87
- SSDEEP: 24576:2VMqJ88vJMJT1cPPcJdd0WoR4FUHwOfRaGtUBmzrVamwrnPKmHcK+cf:2VMqJ88vJMJ1H0U6HwOfAvErMLPKG1
Static task
- static1

Behavioral task
- behavioral1
- Sample: PROFORMA INVOICE.exe
- Resource: win7-20240729-en
Malware Config
Extracted
- Family: darkcloud
- email_from
- email_to
Targets
- Target: PROFORMA INVOICE.exe
- Size: 982KB
- MD5: 89768b71499c0eb974853e8e3f0cf5c4
- SHA1: be5b1ac72323e8e92643d3e0804d83b902ba486b
- SHA256: 5489a717a23f4b7e2f250429554bd8a3d744970e1bfabe2162c9eb2fa8c04df8
- SHA512: badad67ac5109fe02d03f6685329ca30a057eb7b07706a1508854f86fd1339d578147e5beee0e084dc7eb6046288da26aefdbfea4e222eda005205307d962654
- SSDEEP: 24576:gWTx232DgTe6ATI2Kw5JdnFjXX7juCCmOhsN:jAV3ATIts1VXPuBh
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- ACProtect 1.3x - 1.4x DLL software
  Detects a file packed with ACProtect software.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1)
  - PowerShell (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)