General
- Target: 1154039c4b1ff69d88c44d77a02d6f24c904e311880edd17b7ca9f5e4e1b26f4.exe
- Size: 867KB
- Sample: 250304-cknxjawqw2
- MD5: c42e6727062eb7dc29766e08f9fffa9b
- SHA1: fa88d10db31d2e2ddf4aa6e0855f1b5689322bab
- SHA256: 1154039c4b1ff69d88c44d77a02d6f24c904e311880edd17b7ca9f5e4e1b26f4
- SHA512: 195502111d2dd147c53f5954dfc6615eec6c1d193736c9cdec16f5f849f24c620f3390278dd4d73e5fc7dbbb6084726e7b7a8c7236aa1fc466faf1b071c32a2e
- SSDEEP: 24576:qn83ilzaYx6s6ff7RzyqeqGo7k5VCpgX5pR/0un:f3izaY56rRznvx7w/TR/dn
Static task: static1
Behavioral task: behavioral1
- Sample: 1154039c4b1ff69d88c44d77a02d6f24c904e311880edd17b7ca9f5e4e1b26f4.exe
- Resource: win7-20240729-en
Malware Config
Extracted: darkcloud
- Protocol: ftp
- Host: @StrFtpServer
- Port: 21
- Username: @StrFtpUser
- Password: @StrFtpPass
Targets
- Darkcloud family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext