General
-
Target
08052025_0142_06052025_Urgent Inquiry.pdf.txz
-
Size
603KB
-
Sample
250508-b4t28ayrt8
-
MD5
355614a8adfed510b2c094dcdfd33d4d
-
SHA1
1b07ad0772bfd55298124da7f4ba86f4ebe5406b
-
SHA256
5887935c2890696501d664c20ed8b59b604800c017d748f543893ad8044c79ef
-
SHA512
f21ab8992fb17bdca03720b89f42236d7e4db8ffd06599a3fe5ea2cc2468d8c72a3e853fefc8464b9146fc0bc828a7e25e408cf1a7c56799cecde5ba5bce16c8
-
SSDEEP
12288:ZcwpyEhoq6d0kP1BG6/HwO0H0d1JbNSvNkVC6dxbJCjfglwPGU0f:Zchq5CJ/HwDgxNSlafd/2QP
Static task
static1
Behavioral task
behavioral1
Sample
Urgent Inquiry.pdf.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
Urgent Inquiry.pdf.exe
Resource
win11-20250502-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20250502-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/nsExec.dll
Resource
win11-20250502-en
Malware Config
Targets
-
Target
Urgent Inquiry.pdf.exe
-
Size
682KB
-
MD5
a346d84d354b9671636a7c4d211c902d
-
SHA1
a25533d33633c6c170f73a78c9a2cfce1042a0a9
-
SHA256
78d3f4aa79f1212e0790aae90cf50d8cf757a76ff082b8be0360c0a7641721b9
-
SHA512
5e3d7b10d5a021fd3d435a3bb4544091663741fc9bb1913283e30ba9821cb0d630da95039405c46e7cddac389fa8eacd03d7aaaf92c1b65ce7e636a54d4c8ace
-
SSDEEP
12288:rEIzsB0Z2P8aeWGEOioqyO41wGN63RQ3D6mR3+oqfvJFyzIlAglGT:m0kP2WPOi4Oyw3YJ7YJFHAn
-
Darkcloud family
-
Loads dropped DLL
-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
98bdb37511634dad8d1236d91d373b26
-
SHA1
778cf74b4f8860cc378fa4e61aeba318197783ce
-
SHA256
938580b466533dfa1461e9858fd106b60e1a52b713380915cc03afd3e4b4573c
-
SHA512
5a7a903c2346750f20c0b41ceb6259bc7a5c9c6779acfeef94e0cea756aebabef58fdd83389353a165530279ec74ff20b903fc9a11acf475ef9471bd5e8d140e
-
SSDEEP
96:CjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkND3m+s:nbogRtJzTlNR8qD85uGgmkNK
Score 3/10