General
Target: SecuriteInfo.com.Win32.MalwareX-gen.28745.10293.exe
Size: 1.1MB
Sample: 250502-jbyhyaaj7y
MD5: 1ca173777978e4e73995138c57622954
SHA1: 62f77f8255a244824739a2af319941ae976981ce
SHA256: 8d071dcb45fd83eb7e8f6495d6e6588adfcd1febce528844281452e882bbf12d
SHA512: e73741e212d3e6024634838da25581202fec087bbde3fd36e05194438bb85d5e4b1f3fd0e15b1fdecf8743bb401fc5c9fe7d8ad3605b3ad6150f53b6f4cc5f7c
SSDEEP: 24576:W+y+w+Ls4HywWyIlXK/8PtEQ8vBBU6WdMxeCx52Ov:WBFQs43wl6OE95BDWqxdx52
Static task: static1
Malware Config
Extracted: darkcloud
C2 / exfiltration endpoint (Telegram Bot API, sendMessage method): https://api.telegram.org/bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendMessage?chat_id=6732456666
The path segment after /bot is the operator's bot token (bot_id:secret) and the chat_id query parameter is the chat that receives stolen data. Both are campaign-specific indicators; the host api.telegram.org by itself is not, because legitimate bots use the same API.
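The following is an added example for this report (not sandbox output, not code from the sample) that turns the extracted Telegram endpoint into hunt-ready indicators: it splits the URL into bot_id, full token, API method and chat_id, then matches proxy log lines on the token, so that other Bot API methods used by the same operator bot (sendDocument, sendPhoto) are caught as well. The proxy log lines are constructed for illustration.

```python
"""Turn the DarkCloud exfiltration endpoint extracted above into hunt-ready
indicators and match them against web-proxy log lines.

Added example for this report; it is not output of the sandbox and not code
from the sample. The proxy log lines below are constructed for illustration.
"""
import re
from urllib.parse import parse_qs, urlsplit

# URL copied verbatim from the "Malware Config / Extracted" section above.
EXTRACTED_C2 = (
    "https://api.telegram.org/bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs"
    "/sendMessage?chat_id=6732456666"
)

# Telegram Bot API calls have the shape /bot<bot_id>:<secret>/<method>.
_BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$")
# Generic form of any bot call, for lines that do not carry the known token.
_ANY_BOT_CALL = re.compile(r"api\.telegram\.org/bot\d+:[A-Za-z0-9_-]+/\w+", re.IGNORECASE)


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into its indicator components.

    Returns a dict with host, bot_id, token, method and chat_id, or None when
    the URL is not a Bot API call (wrong host or path shape).
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    m = _BOT_PATH.match(parts.path)
    if m is None:
        return None
    query = parse_qs(parts.query)
    return {
        "host": parts.hostname,
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",  # full bot token = bot_id:secret
        "method": m["method"],
        "chat_id": query.get("chat_id", [None])[0],
    }


def hunt_telegram_exfil(log_lines, known_token=None):
    """Flag proxy log lines that call the Telegram Bot API.

    Matching on the token rather than on the full URL also catches other
    methods (sendDocument, sendPhoto) the same operator bot may use.
    'high'   = the known DarkCloud token appears (this campaign's operator)
    'medium' = some other bot call (generic Telegram C2/exfil; benign bots
               exist, so triage by process and user before acting)
    Returns a list of (line_number, severity, reason).
    """
    findings = []
    for lineno, line in enumerate(log_lines, start=1):
        if known_token and known_token in line:
            findings.append((lineno, "high", "known DarkCloud bot token"))
        elif _ANY_BOT_CALL.search(line):
            findings.append((lineno, "medium", "Telegram Bot API call"))
    return findings


# Constructed proxy log lines (timestamp host user process method url status);
# not taken from the sandbox run.
SAMPLE_LOG = [
    "2025-05-02T09:13:22Z WS-07 jdoe SecuriteInfo.com.Win32.MalwareX-gen.28745.10293.exe "
    "POST https://api.telegram.org/bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument 200",
    "2025-05-02T09:14:05Z WS-12 asmith curl.exe "
    "POST https://api.telegram.org/bot1234567890:AAE-constructed_example_token/sendMessage?chat_id=42 200",
    "2025-05-02T09:14:40Z WS-07 jdoe svchost.exe GET https://update.microsoft.com/ 200",
]

if __name__ == "__main__":
    c2 = parse_telegram_c2(EXTRACTED_C2)
    print("indicators:", c2)
    for lineno, severity, reason in hunt_telegram_exfil(SAMPLE_LOG, c2["token"]):
        print(f"line {lineno}: {severity} - {reason}")
```

The parser deliberately rejects /file/bot<token>/... paths, which are file downloads rather than bot method calls, and the hunt function treats the bare host as insufficient evidence: only the token (or the /bot<id>:<secret>/<method> shape) is flagged.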
Targets
Target: SecuriteInfo.com.Win32.MalwareX-gen.28745.10293.exe (same size and hashes as listed under General)
Signatures:
- Darkcloud family (DarkCloud information stealer)
- Command and Scripting Interpreter: PowerShell (ATT&CK T1059.001): runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes (Impair Defenses: Disable or Modify Tools, T1562.001). Defender records each such configuration change as event 5007 in the Microsoft-Windows-Windows Defender/Operational log, which is the host-side check for this behaviour.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (execution gated on the victim's configured region).
- Suspicious use of SetThreadContext: a call commonly used for process injection, for example process hollowing, where the main thread of a suspended process is redirected to injected code.
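As an added example for this report (not sandbox output and not code from the sample), the detection below covers the Defender-exclusion tampering named in the PowerShell signature from two telemetry sources: PowerShell command lines or script blocks (Add-MpPreference / Set-MpPreference with any -Exclusion* parameter, including PowerShell's abbreviated parameter prefixes), and Defender's own event 5007, whose message names the changed Exclusions registry value. The event records are constructed to exercise the rule and include benign look-alikes that must not fire.

```python
"""Detect the Defender-exclusion tampering named in the PowerShell signature
above (ATT&CK T1562.001) from two telemetry sources: PowerShell command lines
or script blocks, and Defender's own configuration-change event 5007.

Added example for this report; not sandbox output and not code from the
sample. The event records below are constructed to exercise the rule.
"""
import re

# Cmdlets that add (Add-) or replace (Set-) Defender exclusion lists.
_PS_CMDLET = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
# PowerShell binds any unambiguous parameter prefix, so "-ExclusionPa" works
# like "-ExclusionPath"; match the stem, not the full parameter name.
_PS_PARAM = re.compile(r"-Exclusion[A-Za-z]*", re.IGNORECASE)

# Event 5007 (Microsoft-Windows-Windows Defender/Operational) reports the
# changed registry value; exclusions live under ...\Windows Defender\Exclusions\
# (or the Policies\ branch when set by GPO) and a new entry appears as "= 0x0".
_DEFENDER_EXCLUSION = re.compile(
    r"New value:\s*HKLM\\SOFTWARE\\(?:Policies\\)?Microsoft\\Windows Defender\\Exclusions\\"
    r"(?P<kind>Paths|Extensions|Processes|IpAddresses)\\(?P<item>.+?)\s*=\s*0x0",
    re.IGNORECASE,
)

# Event IDs whose text is a command line or script: PowerShell script block
# (4104), Security process creation (4688), Sysmon process creation (1).
_COMMAND_EVENTS = {4104, 4688, 1}


def _powershell_finding(text):
    """Return a description if text adds/sets Defender exclusions, else None."""
    if not _PS_CMDLET.search(text):
        return None
    params = sorted({p.lower() for p in _PS_PARAM.findall(text)})
    if not params:
        return None
    return "PowerShell: " + " ".join(params)


def _defender_finding(text):
    """Return a description if a 5007 message records a new exclusion, else None."""
    m = _DEFENDER_EXCLUSION.search(text)
    if m is None:
        return None
    return f"Defender 5007: new {m['kind']} exclusion {m['item']}"


def detect_exclusion_tampering(events):
    """Scan event dicts ({"event_id": int, "text": str}) and return a list of
    (event_index, event_id, detail) for every exclusion change found.

    Encoded commands (-EncodedCommand) are not decoded here; rely on script
    block logging (4104), which records the decoded script, for those.
    """
    findings = []
    for index, event in enumerate(events):
        event_id = event.get("event_id")
        text = event.get("text", "")
        if event_id in _COMMAND_EVENTS:
            detail = _powershell_finding(text)
        elif event_id == 5007:
            detail = _defender_finding(text)
        else:
            detail = None
        if detail:
            findings.append((index, event_id, detail))
    return findings


# Constructed events (not from the sandbox run): two tampering hits, two
# benign look-alikes, and one abbreviated-parameter variant.
SAMPLE_EVENTS = [
    {"event_id": 4104,
     "text": r"Add-MpPreference -ExclusionPath 'C:\Users\Public\Libraries' "
             r"-ExclusionExtension 'exe' -ExclusionProcess 'update.exe'"},
    {"event_id": 5007,
     "text": "Microsoft Defender Antivirus Configuration has changed. If this is an "
             "unexpected event you should review the settings as this may be the "
             "result of malware.\r\n\t\tOld value: \r\n\t\tNew value: "
             "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\"
             "C:\\Users\\Public\\Libraries = 0x0"},
    {"event_id": 4104,  # read-only query, must not fire
     "text": "Get-MpPreference | Select-Object -ExpandProperty ExclusionPath"},
    {"event_id": 5007,  # a different tampering, outside this rule's scope
     "text": "New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\"
             "DisableRealtimeMonitoring = 0x1"},
    {"event_id": 4688,
     "text": r"powershell.exe -NoProfile -Command Set-MpPreference -ExclusionPa 'C:\ProgramData'"},
]

if __name__ == "__main__":
    for index, event_id, detail in detect_exclusion_tampering(SAMPLE_EVENTS):
        print(f"event[{index}] id={event_id}: {detail}")
```

The 5007 path is the more robust of the two because it fires regardless of how the exclusion was added (PowerShell, WMI, the Defender GUI, or direct registry writes) and shows exactly what was excluded; the command-line path is useful for attribution to a parent process before the Defender event lands.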