General
- Target: 78c596ef6b627c0210c528adda497162ef323dcb880edc19a1baa67c34e04906.exe
- Size: 829KB
- Sample: 250305-dgl47sxjs2
- MD5: e7985f412b8dda457c2d953cc2bcebb0
- SHA1: f2c2d4850d5d0a874495259f3b8c48a934d9d3a4
- SHA256: 78c596ef6b627c0210c528adda497162ef323dcb880edc19a1baa67c34e04906
- SHA512: 5749ca3397e1093e647ef77b2d8509c852b7d7c27db1793997a98bd6674254d15b2e15b8fe38e208c48807fb60cae34a232da4da5c8157310d4e1c6ecbd668e2
- SSDEEP: 24576:iqilza9TFsbVxbMTbWWzvfhKAwmuWZgITsWZrLVkzoEd6:iqizaEh2xzPuWdXkcf
- Static task: static1
- Behavioral task: behavioral1
- Sample: 78c596ef6b627c0210c528adda497162ef323dcb880edc19a1baa67c34e04906.exe
- Resource: win7-20240729-en
Malware Config
- Extracted: darkcloud
- Protocol: ftp
- Host: @StrFtpServer
- Port: 21
- Username: @StrFtpUser
- Password: @StrFtpPass
Targets
- Target: 78c596ef6b627c0210c528adda497162ef323dcb880edc19a1baa67c34e04906.exe
- Darkcloud family
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext