General
- Target: RE Purchase Order 45232429.exe
- Size: 1.1MB
- Sample: 250506-kw81vabq7t
- MD5: 7c569d356c8d2d21bdd921fd9fa963a3
- SHA1: a0fb3f3407bdb93372943eb5058c2cb7891fed8d
- SHA256: ba241aac2ad9f5b875f55d54d04eb99026e80d9bcb7abcfc2142b86fc939aded
- SHA512: daa5fa28eb06c9f9aef596da350a21efed52182246963444b2608313839ebfb9ee84788a2e88ff9720b38ecb678901bdb5b754960d0122eb7a1655624f4c432a
- SSDEEP: 24576:AlMPgS1rHBbVHKbzfO50wVSGjuS+3/TpqxVe4Tva+p9Yw:AlcBZ2fO50MPuZ/TAxI4Tvx2w
Static task: static1

Malware Config
Targets
- Target: RE Purchase Order 45232429.exe (1.1MB; hashes as listed under General)
Signatures
- Darkcloud family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Suspicious use of SetThreadContext