General
-
Target
688c929b7be5c31a2a5410394024f9dea1bcfc62af0c24237d2b23b8fea70055.exe
-
Size
312KB
-
Sample
250311-d2v8lsyr12
-
MD5
a96c59a13f39027b83fc5d9e2222edc7
-
SHA1
62233614e0ad9d4a5abe2b10d2f368a5651f6667
-
SHA256
688c929b7be5c31a2a5410394024f9dea1bcfc62af0c24237d2b23b8fea70055
-
SHA512
49c300c1ec38bd09674b427dfaa91a847ba10f3dec79f88a27a9fdb9e72ea6ad7af90db28907d6131f183b50a7e904a16f018784a2971beb5005793f6c92c084
-
SSDEEP
3072:tADMz9yd8VWBQiz9gVDywSzirNPU4y3HVeBszXxSG8BJWrjKnTHIgLT1vJBtQPIX:/9yd8VWBQizZwrU4kHMaBSQjb2QPQo4
Static task
static1
Behavioral task
behavioral1
Sample
688c929b7be5c31a2a5410394024f9dea1bcfc62af0c24237d2b23b8fea70055.exe
Resource
win7-20240903-en
Malware Config
Extracted
darkcloud
Protocol: ftp
Host: @StrFtpServer
Port: 21
Username: @StrFtpUser
Password: @StrFtpPass
Targets
-
-
Target
688c929b7be5c31a2a5410394024f9dea1bcfc62af0c24237d2b23b8fea70055.exe
-
Darkcloud family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Drops startup file
-
Suspicious use of SetThreadContext
-