General

  • Target: 977f2ac7c4ccb4b8b4a5f961ff2aa6fe.bin.bin
  • Size: 1.1MB
  • Sample: 230501-v5a6aahe25
  • MD5: 2244db9257bce116d0304e37d4a3decb
  • SHA1: 6e89fdef36c64988761572063d14e337fad553b7
  • SHA256: 382cd77eaf4310f37b17ab5e5bf30551bee69c7b376b97730eeff549e828990e
  • SHA512: 4802ce6c5aa0480635e381d8ebb5531ffa091560231472234b12cb5ee378a9ca07695dd5d2acb403031457888760f1c624ae76c213bac63953d73d7283be56ff
  • SSDEEP: 24576:Y77rvBoAP5e1mGwEOfHAtDtqYHN5B3IS6JwXWxc+S9hHOK:Y77BYwEsgt9N7Ynhxo9hHV

Malware Config

Extracted

Family: darkcloud

Attributes

Targets

    • Target: 8e16304b756988b8fedf67c9c0eee38873fa743a2e9beae9bfc7bc44206e6a5d.exe
    • Size: 1.3MB
    • MD5: 977f2ac7c4ccb4b8b4a5f961ff2aa6fe
    • SHA1: 04039b7f69cc9264ad41029b916110bbef44a896
    • SHA256: 8e16304b756988b8fedf67c9c0eee38873fa743a2e9beae9bfc7bc44206e6a5d
    • SHA512: 7f714f944412e68b8743a66fbe5e266f47491bd2178bc34e1192fcf8892563f99af43ae3d07f2a8066fa89a3bd77dd2dfd2ff196444ac9cad924ba98f02540b7
    • SSDEEP: 24576:aTbBv5rUDoZ++AdLAXjXXRQFX8KZ4IXIJJpUUBQjqfYTfz7V2EggiVEoWc:sBpZ+HdUtQSVLzUUZ8V2Egf

    • DarkCloud

      An information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks