General
-
Target
Documentos de exportación_envío adjuntos-password(X9hVfEzD).zip
-
Size
1.0MB
-
Sample
250502-qvf7bscm8v
-
MD5
89c07ecf3d0aafccf3fad39f42f10874
-
SHA1
6b508cab81feae9d1922fe10391d0d27e87a4835
-
SHA256
9ad92096d67780d9f6ac1e12b773c7b67fdab911eb0ed51dee67eee286b9d5fb
-
SHA512
e06cd8860d591c6ce783eb110e75a273ff54648fd9d87ab797982d5296afdfdd0bfbafd3487ecbf96944708e9216ec4d53dc2fae628543a0eda99102a12d9067
-
SSDEEP
24576:xFcIlwgUOCHSeWUdWI5jLq9+4q1qZ6LI+RzuLeDs0Mbsuju:DRUdfX3Enqx04tMY+u
Static task
static1
Behavioral task
behavioral1
Sample
Documentos de exportación_envío adjuntos-password(X9hVfEzD).zip
Resource
win10v2004-20250410-en
Behavioral task
behavioral2
Sample
e4e392a7a100a6e708e67c0bedfefbccef17fcb5dab1a52ba4e31cc6ef452477.eml
Resource
win10v2004-20250410-en
Behavioral task
behavioral3
Sample
Documentos de envío incorrectos.rar
Resource
win10v2004-20250410-en
Behavioral task
behavioral4
Sample
Documentos de envío incorrectos.exe
Resource
win10v2004-20250313-en
Behavioral task
behavioral5
Sample
email-html-1.html
Resource
win10v2004-20250410-en
Malware Config
Targets
-
-
Target
Documentos de exportación_envío adjuntos-password(X9hVfEzD).zip
Score: 1/10
-
-
Target
e4e392a7a100a6e708e67c0bedfefbccef17fcb5dab1a52ba4e31cc6ef452477.eml
-
Size
1.0MB
-
MD5
47cd9e23320176fa7d5a68103c0659b1
-
SHA1
600eda20c29e5488b438e5b8555ec3f9c6338fc0
-
SHA256
5c2fec9f97ba1b736fd855da18222eb7aa4cbe24e4b4ce3e3e14e50a4bd16f6e
-
SHA512
aec3e40f8f6671ff89bd4cb753a84d08521059152981a26a0f6596f5284d5c7ef0ee3a9ea6798d5d1d46c30c494548908da51c7b4ea2c4f5378bef8aa1d7a057
-
SSDEEP
24576:fWeyGQqftfSHBzSapJdY61/TM964aZC712ddlL5fV2cAGuE:f2cftgSapk62964tk7f1
Score: 3/10
-
-
Target
Documentos de envío incorrectos.gz
-
Size
771KB
-
MD5
d8718d0e2f67ddec3c1568b651d00a22
-
SHA1
fef7ab5a30979ef20547cef3264dfe6f05e1323e
-
SHA256
133fb31ea43144abce54d27f8ac0f0b8f8f537cdbc15d724f95aa33ca3580c64
-
SHA512
19b2e9b73ca63541de675d578c7947bf106dd5bb2bea32c64fee0f2ef08c1823e43a5c5cac9b8ae0c504b674a18edc7253c8eda0a51a227ee2d483b8aae75a6f
-
SSDEEP
24576:buvFDXuzHxoCNPblT4nDqR1MGYxpg/niW7:YAzxoQPblbGZg/57
Score: 1/10
-
-
Target
Documentos de envío incorrectos.exe
-
Size
962KB
-
MD5
25038144486e49d6a54f3780484b2033
-
SHA1
5ac81bd87347f0baa3fd65daaab01b8bf894ce2a
-
SHA256
f49075854c53ae61920881846fac69180afd3276f6c5ffdc0f7740e2a712e762
-
SHA512
57a635da52b1dfed5d0358b548cde68bd90cf92363033963022900a823aaef4561c44ad72fac429e4247286700098d9f327206a2967a025f90e5444ab2b838a9
-
SSDEEP
12288:vuXRY5dWqpG2mf+zQt3k1HiVqg6PBi659FbfxlrjBktZc0XsjQco0rv6Ktw+0dDq:vSoWmG2mW1HiqnFDrtCc08jQc/
-
Darkcloud family
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-
-
-
Target
email-html-1.txt
-
Size
711B
-
MD5
36f2fcf5ad183c3bb8efc2d10fb6bf0c
-
SHA1
52317f69369ed9633430b4ed15c111df5fcaeb9d
-
SHA256
f70571fb726722160615744cd069b0aebf9f55574d9db49995e30b00897aedf3
-
SHA512
44e4dc57665697b428f68be9237067b2f25219e9f9d2ed7d6cf6daa7e3021c8de9d607e315f376decc4434e18cab1cf8e95a17eb2b897ab18c589b13a843df6f
Score: 4/10
MITRE ATT&CK Enterprise v16
Execution
Command and Scripting Interpreter (1)
PowerShell (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (2)
Credentials In Files (1)
Credentials in Registry (1)