General
Target: 06052025_1642_PAYMENT CONFIRMATION SWIFT COPY_001174506_2025_pdf.txz
Size: 596KB
Sample: 250506-t74d6sgp7x
MD5: 086828ff33a50535bec194437c7563b2
SHA1: e6327e9f2054693a782f17b5413f1b334132e23c
SHA256: 0bdfe3913dfc9d68494bd31cda2a82afacf58177019731c80317a111016aa1c0
SHA512: 398145e3938c334c493c9c9ff82d056cff8abf6f79157bace5915d03c41746bb192da86c5d1ce621563723b43388878a16841a142a5b381d5883f5e82fdcf067
SSDEEP: 12288:9ce6Ps8hLswqYQcnM2HLDH5UDf6t/maCw+5H4BiY9:9c3suLsiQWHo64ajuQ7
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: PAYMENT CONFIRMATION SWIFT COPY_001174506_2025_pdf.exe
  Resource: win10v2004-20250502-en
Behavioral task: behavioral2
  Sample: $PLUGINSDIR/nsExec.dll
  Resource: win10v2004-20250506-en

Malware Config
(none extracted)

Targets
Target: PAYMENT CONFIRMATION SWIFT COPY_001174506_2025_pdf.exe
Size: 675KB
MD5: b92a69cfc75604cf52d2c91de5beeb41
SHA1: 97e61c826ba386bde3334292a06f3f02e593ebd6
SHA256: 36beff46ab3d106425cd35964595805f179b1fcd0400f8407bbdcbc3480b70c0
SHA512: f9dced2ec5824c62fffdb91eb67055453ffba9fc7cb6f414c9cb0d28564570d361a96a25199d073d7048c679b2383c6089360061b2273e81cec97c8f0179d46b
SSDEEP: 12288:rEIzsB0Z2Pm7PLVbf28anA3i0bbYcvPeZALqygs+AglGE:m0kPIl83gcCeu5+Ag
Score: 10/10
Signatures:
- Darkcloud family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: $PLUGINSDIR/nsExec.dll
Size: 6KB
MD5: 98bdb37511634dad8d1236d91d373b26
SHA1: 778cf74b4f8860cc378fa4e61aeba318197783ce
SHA256: 938580b466533dfa1461e9858fd106b60e1a52b713380915cc03afd3e4b4573c
SHA512: 5a7a903c2346750f20c0b41ceb6259bc7a5c9c6779acfeef94e0cea756aebabef58fdd83389353a165530279ec74ff20b903fc9a11acf475ef9471bd5e8d140e
SSDEEP: 96:CjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkND3m+s:nbogRtJzTlNR8qD85uGgmkNK
Score: 3/10