General
Target: 01052025_0659_29042025_RFQ_H8930-NTB650-MATERIALS-PDF (2).zip
Size: 778KB
Sample: 250501-hsld9sgl9t
MD5: 4c064072acec03828197584c44009e1e
SHA1: c8284344f31205ab93c836320cfc44b57b32b416
SHA256: 32a635104f2a6da02b4b12bbb96aaaa5d6ae1c80ebc17e9a3717bda286e7d3e9
SHA512: b4186b541aa0dda646a20b360b0a49ed01ae565e8650a84d8abf524af705e539213123781570379670fb9b3c0af1702583feb1901c5b2444f2926be59cd94368
SSDEEP: 24576:3ypc2e3o850/kKLILNDKwBws5/FDL1Ww7pVJCamuWUn:3EcfYo0/ksuNDKwBwspF3ww1C7uWUn
Static task
static1
Malware Config
Extracted: darkcloud
Protocol: ftp
Host: ftp.mailo.com
Port: 21
Username: [email protected]
Password: london@1759
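The extracted config is the stealer's exfiltration channel: plain FTP to a mailbox account on mailo.com with the credentials embedded in the sample. The following script, added here and not part of the sandbox report, turns those indicators into a detection over FTP session logs. The log lines are constructed for the example and use a simplified subset of Zeek's ftp.log columns; the host, port and account domain are the only values taken from the page (the local part of the username is not readable here, so it cannot be matched), and 203.0.113.10 is a documentation-range stand-in for whatever ftp.mailo.com resolves to, not a real resolution. The third rule (any plaintext FTP upload from inside the network to an external host) is a broader heuristic than the page itself supports.

```python
"""Detection over FTP session logs built from the extracted DarkCloud config.

Added example; not part of the sandbox report. Log lines are constructed and
use a simplified subset of Zeek ftp.log columns. 203.0.113.10 is a
documentation-range placeholder, not what ftp.mailo.com resolves to.
"""
import ipaddress
from dataclasses import dataclass

C2_HOST = "ftp.mailo.com"        # from the extracted config
C2_PORT = 21                     # from the extracted config
C2_ACCOUNT_DOMAIN = "mailo.com"  # domain of the FTP username in the config

# Simplified subset of Zeek ftp.log columns (constructed for this example).
FIELDS = ("ts", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
          "user", "command", "arg")

# Constructed sample log: an internal backup upload, a stealer exfil session,
# an anonymous download, and a record with missing fields.
SAMPLE_FTP_LOG = (
    "1746086400.10\t10.0.0.15\t50111\t10.0.0.200\t21\tbackup\tSTOR\tnightly.tar\n"
    "1746086405.42\t10.0.0.15\t50118\t203.0.113.10\t21\tvictim@mailo.com\tSTOR\tDESKTOP-01_passwords.txt\n"
    "1746086410.00\t10.0.0.22\t50120\t198.51.100.5\t21\tanonymous\tRETR\tREADME\n"
    "1746086412.77\t10.0.0.22\t50121\t198.51.100.5\t21\t-\t-\t-\n"
)

# Address space treated as internal; everything else counts as external. The
# ipaddress module classifies the 203.0.113.0/24 documentation range as
# non-global, so the internal list is spelled out instead of using is_global.
INTERNAL_NETS = tuple(ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16"))


@dataclass
class Alert:
    ts: str
    orig_h: str
    resp_h: str
    user: str
    reasons: tuple


def parse_ftp_log(text):
    """Yield one dict per well-formed tab-separated record; skip the rest."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            continue
        yield dict(zip(FIELDS, parts))


def is_external(ip):
    """True for any address outside INTERNAL_NETS; '-' or garbage is not external."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def detect(text, c2_ips=frozenset()):
    """Return an Alert for every record matching an indicator.

    c2_ips: addresses the analyst resolved C2_HOST to (not given on the page).
    """
    alerts = []
    for rec in parse_ftp_log(text):
        reasons = []
        if rec["user"].lower().endswith("@" + C2_ACCOUNT_DOMAIN):
            reasons.append("FTP login with an @%s account, as in the extracted config"
                           % C2_ACCOUNT_DOMAIN)
        if rec["id.resp_h"] in c2_ips and rec["id.resp_p"] == str(C2_PORT):
            reasons.append("session to resolved %s:%d" % (C2_HOST, C2_PORT))
        # Broader heuristic than the page supports: any plaintext FTP upload
        # from inside the network to an external host deserves a look.
        if rec["command"] == "STOR" and is_external(rec["id.resp_h"]):
            reasons.append("plaintext FTP upload to external host")
        if reasons:
            alerts.append(Alert(rec["ts"], rec["id.orig_h"], rec["id.resp_h"],
                                rec["user"], tuple(reasons)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_FTP_LOG, c2_ips={"203.0.113.10"}):
        print(alert)
```

Only the second record fires: the @mailo.com login and the upload to an external host match on their own, and the resolved-C2 rule adds a third reason once `c2_ips` is supplied. Matching on the account domain rather than the exact username is deliberate, since the same family is re-built with fresh mailboxes at the same provider.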
Targets
Target: RFQ_H8930-NTB650-MATERIALS-PDF.com (the file carried in the archive above; .com is an executable extension on Windows, and the -PDF suffix makes the name read as a document)
Size: 1.2MB
MD5: 3efc2bcb6ebfac2c3ce51599e0f70154
SHA1: b64a88abffa398f17a52a144294740b4529ffe71
SHA256: 95944428ef26b5837521a903afb6fe771e33f6f489829e81c012129d0bbd2751
SHA512: 43888ebedb92c14676ed82a1da8130ca61a7755f2890f102f9b37863e430d47285671f46ac9c0595314fb9cbb528ed6ecb7b1d7174606c4fb10f9ab706462e8b
SSDEEP: 24576:htb20pkaCqT5TBWgNQ7aJhraFTL1ewx5V7wsmuBk9N6A:yVg5tQ7aJhraFHkwVwtuWT5
Signatures
- Darkcloud family
- Drops startup file
- Executes dropped EXE
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext: rewriting another thread's context is the usual way an injected payload is handed control, for example after hollowing a suspended process.