Extracted

• • Target

    hesaphareketi-03-03-2025 (20kb)pdf ____________________________________________________________.exe

  • Size

    853KB

  • MD5

    3cf2c9b0253683ddec051b68012e32af

  • SHA1

    e9efd4edf31af061d899ec1ead04cd52a6cb134c

  • SHA256

    6ced7485ee8e4bb2aa919984473fed8a6c9201b29dbd1930d41126521524483e

  • SHA512

    39029384aa839f0b74d696e6b225c93ece3273641ff654f17a75418d8d83734ad82a2feb9ca970470f364d4fc000f7c7b0e4a538f0e02a4d5bf12228a4871ce2

  • SSDEEP

    24576:b83ilzaYtul8aG9ov31P+TDfaA7p0NdxkNceUP:o3izaYIl8d6FmDf97pKkNBC

  Score

  10^/10

  darkclouddiscoveryexecutionstealer

  • DarkCloud

    An information stealer written in Visual Basic.

    stealerdarkcloud

  • Darkcloud family

    darkcloud

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2