General

Target: 04032025_1701_04032025_Inquiry And Samples.zip
Size: 3KB
Sample: 250304-vjmxyswlz7
MD5: e8eb901468d4cd9fc6b9428a33d56488
SHA1: c07b9565708e898781298b24f9b400eeffae5347
SHA256: 7ecf947623a1ea62b452ac281833fa2e8384b143293060c5db93442fc3f43213
SHA512: f3563ed8269e1a47a8b84c673858e431b5293e349cd88ad55253bd16aba00e28cbbf59aa5ef61cbfab4c23ca0e43df36b84afe2791e5943051175c8524f1483d

Static task: static1
Behavioral task: behavioral1
Sample: Pro_Details_17256.vbe
Resource: win7-20240729-en

Malware Config

Targets

Target: Pro_Details_17256.vbe
Size: 11KB
MD5: 9f6610b7f362319fe51369213f18cf40
SHA1: d5d9f5052488e78b7324765592f26f85ab32b780
SHA256: fa1dbfb0f234eb04893d9473ab107ee50e4073b0d6bfdd6c54b168c5f5388867
SHA512: ad844f4f41536426934cd763d0314a6e69f58de12b232e6361537a6e0f414046f154b8424f7375f4da26fe47b4a8060e9e12f8d1322680da483ec6aa5bb0b4ca
SSDEEP: 192:Lh1qXSnEgAyK31ldY2nX3V0JlaUfnR1QCgsfpF3cK:qCnEMK31l2MXK7LfnsCgG9d

Darkcloud family

Blocklisted process makes network request

Checks computer location settings
    Looks up country code configured in the registry, likely geofence.

Drops file in System32 directory

Suspicious use of SetThreadContext