General
-
Target
b268d64c974f59357621dbc9daff9f033abf2703ee2e4cb971c09210dee7be5c.exe
-
Size
312KB
-
Sample
250310-phwwkstrt4
-
MD5
8f14f13dc44f85ff56cdf0ed7a6b983a
-
SHA1
5edb47220a6886ae60c7bd8d2b4e3db90fd5a214
-
SHA256
b268d64c974f59357621dbc9daff9f033abf2703ee2e4cb971c09210dee7be5c
-
SHA512
8b58f6a89785560f535e648a6c4f9245e1d57776f39e7c3ad11aa1c694377dbc53eb35cba803487ee345becb8aa79d47f5dd0dcedfba68ef522e3c55f6a16d2e
-
SSDEEP
6144:d93dhw0VJBQ+5aKY9vVly9UYVXtFHVv7SojJdo4:81KY9vV0K8tFVmo
Static task
static1
Behavioral task
behavioral1
Sample
b268d64c974f59357621dbc9daff9f033abf2703ee2e4cb971c09210dee7be5c.exe
Resource
win7-20240903-en
Malware Config
Extracted
darkcloud
Protocol: ftp
Host: @StrFtpServer
Port: 21
Username: @StrFtpUser
Password: @StrFtpPass
Targets
Darkcloud family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Drops startup file
-
Suspicious use of SetThreadContext
-