General
- Target: malw.exe
- Size: 1004KB
- Sample: 250305-gsjp1a1lx8
- MD5: 3156c039ac4398f39061e0db79c297dd
- SHA1: 0dedc7bbd2cc3104a545ac9e938ef6cb4a9bcdaf
- SHA256: 3e2312f98954bf8411a1a13b8f56a39a23e24743eec56b237405b6acdea9f528
- SHA512: 5dafea638e522baacf58bf23169ac123afbaee94f1496b52e07047b67f3a841f253500d6e5a92c69ac7c89e22d725eafe3e2376af2a1e8efca1e204d11861989
- SSDEEP: 12288:fTeLfUucNs4tqjIqPw0RSOqwXiPZ1SSi08cd0ivkI74N4OxqwxHLdm5HY66fsHtx:fibYSgp4w0SOqwXimSXVvkIw4gRpjKD
- Static task: static1
- Behavioral task: behavioral1
- Sample: malw.exe
- Resource: win7-20240729-en
Malware Config
- Extracted: darkcloud
- Protocol: ftp
- Host: @StrFtpServer
- Port: 21
- Username: @StrFtpUser
- Password: @StrFtpPass
Targets
- Target: malw.exe
- Size: 1004KB
- Darkcloud family
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext