General
Target: 25038144486e49d6a54f3780484b2033.bin
Size: 776KB
Sample: 250501-bglgkacm6s
MD5: 86beb38a654b1742246c6d7607bc40e5
SHA1: 03cc5ea74efaf10f42400a23fc73a60272bdfd0f
SHA256: 57d5efce8ffca83db63dedc8e333e5f07a4613c276b0b1097febba9371d78336
SHA512: 983f837740f0e4eb7f12c2d77cfd2c9c99a89d239ffbdc1dbf550345f845b0d795e4d8f32d4870658bd66b2e4e1239f3087c10d74951650ab0c9adb31b86e1e9
SSDEEP: 24576:wck5xGBfp52OvdECDLqWayovqzNKv7909CT:xkjGBxNvdECHqWaydgvK9A
Static task: static1
Malware Config
Targets
Target: f49075854c53ae61920881846fac69180afd3276f6c5ffdc0f7740e2a712e762.exe
Size: 962KB
MD5: 25038144486e49d6a54f3780484b2033
SHA1: 5ac81bd87347f0baa3fd65daaab01b8bf894ce2a
SHA256: f49075854c53ae61920881846fac69180afd3276f6c5ffdc0f7740e2a712e762
SHA512: 57a635da52b1dfed5d0358b548cde68bd90cf92363033963022900a823aaef4561c44ad72fac429e4247286700098d9f327206a2967a025f90e5444ab2b838a9
SSDEEP: 12288:vuXRY5dWqpG2mf+zQt3k1HiVqg6PBi659FbfxlrjBktZc0XsjQco0rv6Ktw+0dDq:vSoWmG2mW1HiqnFDrtCc08jQc/
Note: the .bin submitted in the General section is named after this .exe's MD5 (25038144486e49d6a54f3780484b2033), and the .exe itself is named after its own SHA256, so the two hash sets above describe the submitted container and the executable extracted from it, respectively.
- Darkcloud family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext
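The two behavioural signatures above (PowerShell adding Defender exclusions, and the registry country-code lookup) are the kind of thing a detection engineer turns into a rule. The following is an added example written for this page, not code from the sandbox or from the sample: it scans constructed trace records (process command lines and registry reads, shaped loosely after what a sandbox or EDR emits) and flags both behaviours. It assumes the country-code read is of the `Control Panel\International\Geo\Nation` registry value, and it decodes `-EncodedCommand` payloads before matching, since a base64 blob would otherwise hide the `Add-MpPreference` call.

```python
import base64
import re

# Constructed sample trace records (not from the report). Event 0 is a benign
# PowerShell run; 1 and 2 add Defender exclusions (plain and -EncodedCommand);
# 3 is the assumed geofence registry lookup; 4 is a benign registry read.
_ENC = base64.b64encode(
    "Add-MpPreference -ExclusionExtension '.exe' -ExclusionProcess 'svchost.exe'".encode("utf-16le")
).decode("ascii")

SAMPLE_EVENTS = [
    {"type": "process", "cmdline": 'powershell.exe -Command "Get-Date | Out-File C:\\temp\\d.txt"'},
    {"type": "process", "cmdline": 'powershell.exe -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath \'C:\\Users\\Public\\Libraries\'"'},
    {"type": "process", "cmdline": f"powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand {_ENC}"},
    {"type": "regquery", "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "regquery", "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"},
]

# Both Add-MpPreference and Set-MpPreference accept the three exclusion parameters.
MP_CMDLET_RE = re.compile(r"(?i)\b(?:Add|Set)-MpPreference\b")
EXCLUSION_RE = re.compile(r"(?i)-Exclusion(Path|Extension|Process)\b")
ENCODED_RE = re.compile(r"(?i)-(?:ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")
# Assumption: the "country code configured in the registry" is the Geo\Nation value.
GEO_NATION_RE = re.compile(r"(?i)\\Control Panel\\International\\Geo\\Nation$")


def expand_encoded_command(cmdline: str) -> str:
    """Append the decoded -EncodedCommand script (base64 of UTF-16LE) to the
    command line so matching sees the real script; unchanged if absent/invalid."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        script = base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return cmdline  # not valid base64 / UTF-16LE, leave as-is
    return f"{cmdline} {script}"


def defender_exclusion_kinds(cmdline: str) -> list[str]:
    """Sorted exclusion kinds (extension/path/process) the command line adds,
    or [] when it does not touch Defender exclusions at all."""
    script = expand_encoded_command(cmdline)
    if not MP_CMDLET_RE.search(script):
        return []
    return sorted({m.group(1).lower() for m in EXCLUSION_RE.finditer(script)})


def is_geofence_lookup(key: str) -> bool:
    """True when a registry read targets the Geo\\Nation country-code value."""
    return bool(GEO_NATION_RE.search(key))


def scan(events: list[dict]) -> list[tuple[int, str]]:
    """Return (event index, finding) pairs for the two signature behaviours."""
    findings = []
    for i, ev in enumerate(events):
        if ev["type"] == "process":
            kinds = defender_exclusion_kinds(ev["cmdline"])
            if kinds:
                findings.append((i, "defender_exclusion:" + ",".join(kinds)))
        elif ev["type"] == "regquery" and is_geofence_lookup(ev["key"]):
            findings.append((i, "geofence_lookup"))
    return findings


if __name__ == "__main__":
    for idx, finding in scan(SAMPLE_EVENTS):
        print(idx, finding)
```

Matching on the decoded script rather than the raw command line is the point of `expand_encoded_command`: event 2 carries no visible `Add-MpPreference` text yet is still reported with the exclusion kinds it adds. A single `Geo\Nation` read is weak evidence on its own (installers read it too), so in a real rule it is best scored together with the other signatures on this report rather than alerted on alone.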
MITRE ATT&CK Enterprise v16
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (2)
    Credentials In Files (1)
    Credentials in Registry (1)