General

Target: PO2504-0030.AT[WACKER NG 00425]_pdf.exe
Size: 785KB
Sample: 250506-kw8ebabq5z
MD5: 3ec02c4ab1a94189accaf79d1301c6c2
SHA1: 93fab5407c8985e06c40d6e9968a7db90d3ffa93
SHA256: 860f5000f33f99fbbbaac59c2f8e5ebde5af285c92f851f11e203a2c6bf55c38
SHA512: 91126a0855009ff55b858f4930869f09c6139727049f74fbdab1cb9f444747ee611d95a900635cd7624df19a894d841bd4fdfec34054f07cfa2f066fb6a5660e
SSDEEP: 12288:eI8md7NV6P6NL9Eei2Uyds7dH+maPXSjUdUKIwbkupDrs3r15O:/d7NV6P1p2U7hSP9xI2Y3rC

Note on the filename: it ends in "_pdf.exe", a PE executable dressed up as a PDF purchase order (the "PO..." prefix) so that a recipient with hidden extensions sees what looks like a document.
Static task: static1
Behavioral task: behavioral1
  Sample: PO2504-0030.AT[WACKER NG 00425]_pdf.exe
  Resource: win10v2004-20250502-en
Behavioral task: behavioral2
  Sample: $PLUGINSDIR/nsExec.dll
  Resource: win10v2004-20250502-en
Malware Config

Targets

Target: PO2504-0030.AT[WACKER NG 00425]_pdf.exe
Size: 785KB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the General block above
Signatures:
- Darkcloud family
- Loads dropped DLL
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
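The two anti-debugging signatures listed for the parent executable name the native API calls behind them: NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops debug events from that thread reaching an attached debugger, and NtCreateThreadEx with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (0x4), which creates a thread already hidden. As an added example (not part of this report and not the sandbox's own detection code), the Python below scans an API-call trace for those two patterns. The one-JSON-object-per-line trace format, the field names, and the process/thread ids are assumptions constructed for the demo; real sandboxes use their own schemas.

```python
"""Flag ThreadHideFromDebugger anti-debugging calls in an API-call trace.

Added example for this report page; the trace schema (one JSON object per
line with pid/tid/api/args) is an assumption, not a real sandbox format.
"""
import json
from dataclasses import dataclass
from typing import Iterable, List

# THREADINFOCLASS value for ThreadHideFromDebugger. A successful call passes a
# NULL buffer with ThreadInformationLength 0; any other length is rejected
# with STATUS_INFO_LENGTH_MISMATCH, so some samples probe with a bad length
# first to detect hooks that blindly return success.
THREAD_HIDE_FROM_DEBUGGER = 0x11
# CreateFlags bit for NtCreateThreadEx that hides the new thread.
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x00000004


@dataclass(frozen=True)
class Finding:
    pid: int
    tid: int
    api: str
    detail: str


def _to_int(value) -> int:
    """Arguments may be logged as ints or as hex strings such as "0x11"."""
    return value if isinstance(value, int) else int(str(value), 0)


def scan_trace(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per call that matches either anti-debug pattern."""
    findings: List[Finding] = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        api = ev.get("api", "")
        args = ev.get("args", {})
        if api in ("NtSetInformationThread", "ZwSetInformationThread"):
            info_class = _to_int(args.get("ThreadInformationClass", -1))
            if info_class == THREAD_HIDE_FROM_DEBUGGER:
                findings.append(Finding(
                    ev["pid"], ev["tid"], api,
                    "ThreadHideFromDebugger (0x11) set on thread handle %s"
                    % args.get("ThreadHandle")))
        elif api in ("NtCreateThreadEx", "ZwCreateThreadEx"):
            flags = _to_int(args.get("CreateFlags", 0))
            if flags & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
                findings.append(Finding(
                    ev["pid"], ev["tid"], api,
                    "CreateFlags 0x%x includes THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER"
                    % flags))
    return findings


# Constructed trace for the demo: NOT output from the report's sandbox run.
# Line 2 hides the current thread (handle 0xfffffffe is NtCurrentThread);
# line 3 is a benign NtSetInformationThread; line 4 creates a hidden thread;
# line 5 creates a merely suspended thread (flag 0x1) and must not match.
SAMPLE_TRACE = """
{"pid": 4120, "tid": 4124, "api": "NtQueryInformationProcess", "args": {"ProcessInformationClass": "0x7"}}
{"pid": 4120, "tid": 4124, "api": "NtSetInformationThread", "args": {"ThreadHandle": "0xfffffffe", "ThreadInformationClass": "0x11", "ThreadInformation": "0x0", "ThreadInformationLength": 0}}
{"pid": 4120, "tid": 4124, "api": "NtSetInformationThread", "args": {"ThreadHandle": "0xfffffffe", "ThreadInformationClass": "0x2", "ThreadInformation": "0x7ffd1000", "ThreadInformationLength": 4}}
{"pid": 4120, "tid": 4124, "api": "NtCreateThreadEx", "args": {"ProcessHandle": "0xffffffff", "StartRoutine": "0x401000", "CreateFlags": "0x4"}}
{"pid": 4120, "tid": 4124, "api": "NtCreateThreadEx", "args": {"ProcessHandle": "0xffffffff", "StartRoutine": "0x402000", "CreateFlags": "0x1"}}
""".strip().splitlines()


def sample_findings() -> List[Finding]:
    """Scan the constructed trace; used by the demo and the tests."""
    return scan_trace(SAMPLE_TRACE)


if __name__ == "__main__":
    for f in sample_findings():
        print(f"pid={f.pid} tid={f.tid} {f.api}: {f.detail}")
```

Both matches are made on the information class and the flag bit rather than on the API name alone, so a normal NtSetInformationThread (priority change, line 3 of the constructed trace) or an ordinary NtCreateThreadEx does not fire; the Zw-prefixed aliases are included because user-mode hooks sometimes log those names.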
Target: $PLUGINSDIR/nsExec.dll
Size: 6KB
MD5: 143e45d5929ba564ba0c3a0773be76e6
SHA1: c7e108ad681dd19afc646a43f7ce757388653f57
SHA256: 8459feb67b7eb0caaaed607e0f36c8d4979abf1bad87e7f1c7c2b97c73174d6d
SHA512: 1114403b9af202396ffe32610e1160313ff22c488f87b4a8f771d14fda02a954af7beacad5655143dafdf0af9a76b2a0d5c121ef57819e0567c367578482f003
SSDEEP: 96:T7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkN238:0N8KgWAuLWxD8ZAGgmkN
Score: 3/10

Note on this component: $PLUGINSDIR is the directory into which an NSIS-built installer extracts its plugins at run time, so the parent sample is an NSIS installer, and nsExec.dll is the name of the standard NSIS nsExec plugin (it runs a command from the install script and captures its output). The 3/10 applies to this dropped DLL on its own; the Darkcloud family detection and the anti-debugging signatures are listed against the parent executable, which is where triage effort belongs.