Extracted

• • Target

    2b43490960522d02b2770bd05786e0c97fe6272c2cf56c538de52be357b00971.exe

  • Size

    1.0MB

  • MD5

    7b657c4a513893d37f13c219583112f8

  • SHA1

    edab5a9b6b640f81d81879ba27a3b3a89aebb2b8

  • SHA256

    2b43490960522d02b2770bd05786e0c97fe6272c2cf56c538de52be357b00971

  • SHA512

    6cde2eb3246fbc023f12d612d5d08cd8d949405e15e72cc7da3f0a62d9269fd2ec3ed0fdb5a60b67d52e25dc8e51bcd7e10a10f5e0bc844ab879009ebfa7134d

  • SSDEEP

    24576:/id/EhEaNpCWCg3RcTATeEELdeJN/kee8X:/y/MEaNpC/f/MbME

  Score

  10^/10

  darkclouddiscoveryexecutionstealer

  • DarkCloud

    An information stealer written in Visual Basic.

    stealerdarkcloud

  • Darkcloud family

    darkcloud

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2