General
Target: Pro_Details_17256.vbe
Size: 11KB
Sample: 250305-jge9jssxbz
MD5: 9f6610b7f362319fe51369213f18cf40
SHA1: d5d9f5052488e78b7324765592f26f85ab32b780
SHA256: fa1dbfb0f234eb04893d9473ab107ee50e4073b0d6bfdd6c54b168c5f5388867
SHA512: ad844f4f41536426934cd763d0314a6e69f58de12b232e6361537a6e0f414046f154b8424f7375f4da26fe47b4a8060e9e12f8d1322680da483ec6aa5bb0b4ca
SSDEEP: 192:Lh1qXSnEgAyK31ldY2nX3V0JlaUfnR1QCgsfpF3cK:qCnEMK31l2MXK7LfnsCgG9d
Static task: static1
Behavioral task: behavioral1
Sample: Pro_Details_17256.vbe
Resource: win7-20241023-en
Malware Config
Extracted
darkcloud
- email_from
- email_to
Targets
- Darkcloud family
- Blocklisted process makes network request
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext