General
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1368694766518407251/1368894368848543787/QTN_792923_New_Order_pdf.txz?ex=6819e1ba&is=6818903a&hm=e58d522a077216ff4dd866ba7ccc6a84a70dd5933dcaca58c6c8c0389924c4bb&
Resource
win11-20250502-en
26 signatures
150 seconds
Malware Config
Targets
Target
https://cdn.discordapp.com/attachments/1368694766518407251/1368894368848543787/QTN_792923_New_Order_pdf.txz?ex=6819e1ba&is=6818903a&hm=e58d522a077216ff4dd866ba7ccc6a84a70dd5933dcaca58c6c8c0389924c4bb&
Darkcloud family
Executes dropped EXE
Loads dropped DLL
Blocklisted process makes network request
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger