General
- Target: factura2.bat.exe
- Size: 1.2MB
- Sample: 250430-jr7rjsfr4s
- MD5: c50fdcc4cc84066a4fb5f942f099d91b
- SHA1: b728ec0f0e5f6e3e7baaddae55c9c70ec4c8180b
- SHA256: a02f3cec54ecc4c8ff49d15cd64e9d2cd1c00534e92c63b44a7f17f79c3ecdb6
- SHA512: fbd625ee9822649c7e30898a59f0ba918e5543c1829a2be4fe676547de298e368e452f3715ad3616ca58928fe51ebe3c38ef093c519b92fb9053954ef8211102
- SSDEEP: 24576:Mtb20pkaCqT5TBWgNQ7a6pB2ak+m7hKwi7kNM3ym6A:1Vg5tQ7a632a4qfV5
Static task
static1
Malware Config
Extracted
darkcloud
- email_from
- email_to
Targets
- Darkcloud family
- Drops startup file
- Executes dropped EXE
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext