General
- Target: 1fdc7b5d02e75ec173b96a3b273f755746b42b9b61c109e868fdbccce41eb70a
- Size: 831KB
- Sample: 250501-tzclgsdq2x
- MD5: 9f87c3d5b544cdbc6eaa4f6464c55742
- SHA1: 5d405b72a1867bc49080f0df3bb00f7d2685481d
- SHA256: 1fdc7b5d02e75ec173b96a3b273f755746b42b9b61c109e868fdbccce41eb70a
- SHA512: e660c0673013fcac6029afa00b17650db026d37119ea041cc81f01f20a9a74bbb03ddcfd53bc6037263fe2ec61b2e247ed1df26516fb23758c94217c6563dc41
- SSDEEP: 12288:M978JbBC1zyAKC051BOrSeZLWTK1pMWzOxLpjfQTVM9xlpPFw2xjaCTurGRghAdv:xJbBGkBOWe1oK1pMbVdoTVsxfPpyr6f
- Static task: static1
- Behavioral task: behavioral1
- Sample: 1fdc7b5d02e75ec173b96a3b273f755746b42b9b61c109e868fdbccce41eb70a.exe
- Resource: win10v2004-20250314-en
Malware Config
Targets
Signatures
- Darkcloud family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v16
- Execution
  - Command and Scripting Interpreter (1)
    - PowerShell (1)
  - Scheduled Task/Job (1)
    - Scheduled Task (1)
- Credential Access
  - Credentials from Password Stores (1)
    - Credentials from Web Browsers (1)
  - Unsecured Credentials (2)
    - Credentials In Files (2)