General
Target: e6c31711fb2d4789a2269e5a2ddb205ae4fe554fcbe144041b08b9a91ef2abf1.zip
Size: 679KB
Sample: 250430-pxln6aal9t
MD5: e9dec72d6a8342993e5e64a64d55e2ea
SHA1: 85421e3e35a2d3c1dfcc1ec92ba967d7aba6eb64
SHA256: 0a4d89731ed8d9bb255e5c8eec7daa1938f6118f3de7eb38401d1d3837953982
SHA512: 98c8d08ba3c18ddeab930ea55d71a0f94bcdd60d265512173bb37855b639e089c5f4b44dbb9516eee8185aba32fbf4999221de5b3f19a637ac2e74144e935d08
SSDEEP: 12288:IYn4c/iQwsCtMowmuLGdS8wPPChz+Zek+KJH1/4Zg8zxWMTbbanxQtZKA:hTz9LGdDwyVlk+wVQu8dW0bbaxKKA
Static task
static1

Malware Config

Targets
Target: e6c31711fb2d4789a2269e5a2ddb205ae4fe554fcbe144041b08b9a91ef2abf1.exe
Size: 791KB
MD5: 36b3e837cead7b1538ea5e41485a06ac
SHA1: c76596c085051231244be3af1fc60008c3996699
SHA256: e6c31711fb2d4789a2269e5a2ddb205ae4fe554fcbe144041b08b9a91ef2abf1
SHA512: 88c9e31917a1d986c035e816087f5a00da9969b066801ddd063904324722433f170d9284225fd3b1fd1f2a48a8ed04e7ff9de9202309a70c0d120c52b45a513b
SSDEEP: 12288:oTEljAjpQDhvzNcXrt3VlhL96E6hzHFIc9CynX24sm57tbPOhTxSLvJSmmV:oTE6jpywlTL9p6hzF9nnF58SLRSmK

- Darkcloud family
- Executes dropped EXE
- Blocklisted process makes network request
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
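The listing above is the raw key/value dump a sandbox produces; the usual next step is to turn it into IOCs that can be matched against a file. The Python below is an added example, not code from the report or from the sandbox vendor. It parses the page's extracted layout (a key line followed by its value line, "-" separators, section labels, and the trailing signature list) into per-target hash dicts plus a signature list, matches a file's MD5/SHA1/SHA256/SHA512 against those dicts, and checks one detail worth noticing in the listing: the .zip under General is named with the SHA256 of the .exe under Targets, not with its own SHA256. The embedded REPORT string is an excerpt of this page's own values; the heuristic that a line ending in "." describes the preceding signature, and the sample bytes at the bottom, are assumptions/constructed input. SSDEEP values are parsed but not compared.

```python
import hashlib

# Excerpt of the report text from this page, in the extracted layout: a key line,
# then its value line, '-' separators, section labels, and the signature list.
REPORT = """General
-
Target
e6c31711fb2d4789a2269e5a2ddb205ae4fe554fcbe144041b08b9a91ef2abf1.zip
-
MD5
e9dec72d6a8342993e5e64a64d55e2ea
-
SHA256
0a4d89731ed8d9bb255e5c8eec7daa1938f6118f3de7eb38401d1d3837953982
Malware Config
Targets
-
Target
e6c31711fb2d4789a2269e5a2ddb205ae4fe554fcbe144041b08b9a91ef2abf1.exe
-
MD5
36b3e837cead7b1538ea5e41485a06ac
-
SHA256
e6c31711fb2d4789a2269e5a2ddb205ae4fe554fcbe144041b08b9a91ef2abf1
-
Darkcloud family
-
Executes dropped EXE
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
"""

KEYS = ("Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP")
SECTION_LABELS = {"General", "Static task", "static1", "Malware Config", "Targets"}
HASH_ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}


def parse_report(text):
    """Return {'targets': [per-file IOC dicts], 'signatures': [{'name', ...}]}.
    Assumed layout: a key line is followed by its value line; '-' and blank
    lines are separators; section labels are skipped; any other line is a
    signature name, except that a line ending in '.' describes the previous one."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() not in ("", "-")]
    targets, signatures = [], []
    i = 0
    while i < len(lines):
        ln = lines[i]
        if ln in KEYS and i + 1 < len(lines):
            if ln == "Target" or not targets:   # a new Target line opens a new file
                targets.append({})
            targets[-1][ln] = lines[i + 1]
            i += 2
            continue
        if ln.endswith(".") and signatures:      # description of the last signature
            signatures[-1]["description"] = ln
        elif ln not in SECTION_LABELS:
            signatures.append({"name": ln})
        i += 1
    return {"targets": targets, "signatures": signatures}


def hash_bytes(data):
    """Hex digests for the four cryptographic hashes the report lists."""
    return {k: hashlib.new(a, data).hexdigest() for k, a in HASH_ALGOS.items()}


def match_iocs(data, targets):
    """(Target, algorithm) pairs whose recorded hash equals the hash of `data`.
    SSDEEP is deliberately not compared: it is a fuzzy hash that needs the
    ssdeep library and a similarity threshold, not string equality."""
    digests = hash_bytes(data)
    return [(t["Target"], k) for t in targets for k in HASH_ALGOS
            if t.get(k, "").lower() == digests[k]]


def archive_named_after_payload(targets):
    """Consistency check on the report: the .zip is named with the SHA256 of the
    .exe it contains (its own SHA256 differs), so a hit on the archive's file
    name alone is a hit on the payload's hash, not on the archive's hash."""
    zips = [t for t in targets if t["Target"].endswith(".zip")]
    inner = {t["SHA256"].lower() for t in targets if not t["Target"].endswith(".zip")}
    return bool(zips) and all(z["Target"][:-4].lower() in inner for z in zips)


if __name__ == "__main__":
    report = parse_report(REPORT)
    sample = b"constructed sample bytes, not the real payload"  # constructed input
    print([s["name"] for s in report["signatures"]])
    print(match_iocs(sample, report["targets"]), archive_named_after_payload(report["targets"]))
```

To use it on a real triage, replace `sample` with the bytes of the file under investigation (`open(path, "rb").read()`); a match on the .exe's hashes identifies the dropped payload, while a match on the .zip's hashes only identifies the submitted archive.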