General
Target: 04032025_1715_Revised Invoice VT-1307701765400112977_pdf.txz
Size: 853KB
Sample: 250304-vsk5qav1g1
MD5: 8daa5c69afadaeabc93643a246150067
SHA1: 22194769a8d21512c94d6780efa4b92d99f810f0
SHA256: 784bef9af316d4a271ab3ca9eb6c4567041ce14cd0751fcfbafce9d8684abc78
SHA512: 8f5ef7afe0024729ff279b43b86641dc61eb9d08e9c98ba2b478fc24a325397c162f9745b4bc363a6fc381bfa5c99cdde124be709b800a6c5aca70a599c72361
SSDEEP: 12288:wnGEr56Aox8heuL8NlDUqS6BcKmAisO8QiFJi44Gn3mqa9UamxLRUjpbYIlmd3JP:wRr56AiKObdF082DaambUjdYIAE05hEi
Static task: static1
Behavioral task: behavioral1
  Sample: Revised Invoice VT-1307701765400112977_pdf.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Revised Invoice VT-1307701765400112977_pdf.exe
  Resource: win10v2004-20250217-en
Behavioral task: behavioral3
  Sample: $PLUGINSDIR/System.dll
  Resource: win7-20240903-en
Behavioral task: behavioral4
  Sample: $PLUGINSDIR/System.dll
  Resource: win10v2004-20250217-en
Malware Config
Extracted: darkcloud
Protocol: ftp
Host: @StrFtpServer
Port: 21
Username: @StrFtpUser
Password: @StrFtpPass
Targets
Target: Revised Invoice VT-1307701765400112977_pdf.exe
Size: 949KB
MD5: f05da6ed938cc54483958e77fb9550ac
SHA1: 20841d422c93b31458a2edec412334966e9afd89
SHA256: 57f9bd6b2c6861bc380b64ecd2bb3d68b9021c097aca8d32954dbb02478e5dbd
SHA512: 96d9c8e5c570ca25413aadde6ed197923ffa73cf93316dad3681fb71df0d17572e7e082c89217bc43dee3686815030610098e0c19b3a230eeb1c63149b1299e8
SSDEEP: 12288:wR7sf+Xy8T/BtGwCiHufc6GMFC/e9esIre1mv2bdZ0QRE7XKmvrDbTJhThc2KmrG:aXy8/CxcpfWcRZwTKPRvjK4izQgb1FZ
Signatures:
- Darkcloud family
- Guloader family
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 3e6bf00b3ac976122f982ae2aadb1c51
SHA1: caab188f7fdc84d3fdcb2922edeeb5ed576bd31d
SHA256: 4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe
SHA512: 1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706
SSDEEP: 192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb
Score: 3/10