General

  • Target: 80742a25d1550dd0f7ccb299672a5d9de889f57c0e53e3e8eea0e50d6b7ae33b.exe
  • Size: 774KB
  • Sample: 250311-edagns1shz
  • MD5: c8da5cab3dd5285bcf8fbc5f77b1415a
  • SHA1: 9132caf4f0c3030f044839c722c55da44b892ffc
  • SHA256: 80742a25d1550dd0f7ccb299672a5d9de889f57c0e53e3e8eea0e50d6b7ae33b
  • SHA512: 292dc2ed09534add4f7c7057549c05007bf374a89dde107001adc3b943a4d7d3e3b5c90f8f09c46b311905c6a08120ed6b400df1cc56fcc4060ca860a733a7e0
  • SSDEEP: 24576:kRFBUYxQiLg5N2Gzjne3qYHKKdskZtBCbEs:kRFjxQiLScGvnEqWs8zCn

Malware Config

Extracted

Family

darkcloud

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.kashmirestore.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    c%P+6,(]YFvP

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
