General

  • Target: Cotización.exe.bin
  • Size: 874KB
  • Sample: 230501-w665saef9t
  • MD5: abc639ad24263a72912ba3f15839039e
  • SHA1: d5c14920dd29385607133d4994d1e939b21c4f7e
  • SHA256: a96037d6337c9c5c1b04664b3acdd05a68d6a7d37fd2bf72cd0af58979f49197
  • SHA512: b6995bc699950383bb4b5b764d221f443cd65dffda45ee7ef56cf8285e255b62bc6c00df3b55e88aa612b4868c3c21453b4e9933a6a529184136d632fa5c859a
  • SSDEEP: 24576:lTx5r2UKXz93oajEra6tn/3oLmbraPDE4:YVmPnAcc

Score
10/10

Malware Config

Extracted

  • Family: darkcloud
  • C2: https://api.telegram.org/bot5996552090:AAEM275k6CHYMtVosan4ojg9sUh3Oi7I8wU/sendMessage?chat_id=5069697890

Targets

    • DarkCloud: an information stealer written in Visual Basic.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks