General
Target: c4bf41b21fbf588fa863aaf613815ebdb3e453c51f8b75c08803c866a5a543c3.rar
Size: 695KB
Sample: 250305-eae8raxq13
MD5: a20fedb1d8ceb2ab4e7f4bef3b64cee2
SHA1: a807014234cfce31b5dc21723cfa5b967eed93d3
SHA256: c4bf41b21fbf588fa863aaf613815ebdb3e453c51f8b75c08803c866a5a543c3
SHA512: 2296fd4e05f20fbcc32ca20960ea36c3a6c195c1c211e749d8d5da32d03a3ec773b4d61febfbc093f8cc72fca6fefe2c1bcf556d911276d4b09ed2c9fd518945
SSDEEP: 12288:Rb0fflRCmIIRxUauBsMy9L95pkzCMJEaWj7K9ds/SiELp/EIniXgyYF4v7kTECVX:F0rDrRxUauBsMydSfyCkud/zeg7u7bC5
Static task: static1
Behavioral task: behavioral1
Sample: invoice.exe
Resource: win7-20241010-en
Malware Config
Extracted
darkcloud
Protocol: ftp
Host: @StrFtpServer
Port: 21
Username: @StrFtpUser
Password: @StrFtpPass
Targets
Target: invoice.exe
Size: 1.2MB
MD5: 11dcf616c9ba676358f45f9dad9dd76d
SHA1: 72aca8573cf6a671c7b00afe478e48334fc56b58
SHA256: de61aeb6ede1d93a6391fd889f0864cb7ad312c3a759db83d7f01d4363c566bd
SHA512: 6894b9708e3efbaf472edcf223944181ac5e2708603d2525c9f762b50569c0c22d3af1c242e073d5a52e341370c18434ac0ad88ab66b8de6f0573328eaea19b1
SSDEEP: 24576:Uu6J33O0c+JY5UZ+XC0kGso6Fawg8osTmX61lYkq88vJBhBL1PVZ5WY:uu0c++OCvkGs9Faw4TX61lYkPIVp1dCY
Darkcloud family
Suspicious use of SetThreadContext