General
- Target: INVOICE-0987656700900.bat.exe
- Size: 1.3MB
- Sample: 250430-jr73bafr4v
- MD5: 2e7f005519b7cedf3d66bdea8175faa4
- SHA1: e18c62aca37fd81d4f122778ee2dff682ae6ab5c
- SHA256: 26c54155fb74ee661b99ed139707a8d44dab95937e8bd549744289b17b2f8424
- SHA512: 37d3338c5e8104c72a0e68dc983063efb1237ee8f93b34130dd8a05e3f1af0484fb9b0242075daafad1bd98d590f691279474777b5f23fe0ebc4793cf2d5c162
- SSDEEP: 24576:Ttb20pkaCqT5TBWgNQ7aNDFiO/HQBsrIkasaSH6A:QVg5tQ7aNvOsrIk5a05
Static task: static1

Malware Config
Extracted: darkcloud
- email_from
- email_to
- host_password: Au445566_
- host_server: mail.sunclubhotelside.com
Targets
- Target: INVOICE-0987656700900.bat.exe
Signatures
- Darkcloud family
- Drops startup file
- Executes dropped EXE
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext