Extracted

• • Target

    April New Order.js

  • Size

    2KB

  • MD5

    07151504178ba40a7d393a217ca6e169

  • SHA1

    592662fe8699669abbed3e29d4b9f784ae22a0c9

  • SHA256

    6b8a4c3d4a4a0a3aea50037744c5fec26a38d3fb6a596d006457f1c51bbc75c7

  • SHA512

    99ac2e98d003321fd6f20de14fe6c0fc16a5f716d257b6266e1b6b3ffd7ebf5eaac6234509ea694b1ed5094cc720e852fd37806331cac7922f25427c8c16ded1

  Score

  10^/10

  darkclouddiscoveryexecutionstealer

  • DarkCloud

    An information stealer written in Visual Basic.

    stealerdarkcloud

  • Darkcloud family

    darkcloud

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1