General

  • Target

    9644c370f8d029005b9ab653ab47487d24fcd626abb3f34157e2fe31e617edc4.zip

  • Size

    1.4MB

  • Sample

    230502-zrghcsce55

  • MD5

    e1cd1c8fda19b21a8144edccf4d09a23

  • SHA1

    838654cdbf4b15c878d1e708f8e15d95e2d4ef3b

  • SHA256

    36864955c9625d6ca1dd185cf9c38f8c312e0491ebfc1852b2373b9410303f51

  • SHA512

    d9cea50a8417777f28c6e9435d3e7482669abbd52495ce420509eb3a990f5e4ff08b0bdb69db6b77ae2cbe69ada592e31ac14e3aa5a5982fa75bbcd5a0d0456f

  • SSDEEP

    24576:vvbTlN3Q49LRpnWynAlxuF+dwrLIgoaF0ISNVpR6D8DyFv7Gi4ul:fHQeRkyUxuQdw4goyhS68svz4ul

Malware Config

Targets

    • Target

      9644c370f8d029005b9ab653ab47487d24fcd626abb3f34157e2fe31e617edc4.exe

    • Size

      1.5MB

    • MD5

      9b2f59561115406e4be61403a0add295

    • SHA1

      3068c0d984638b73a75f568cb49557543c344b59

    • SHA256

      9644c370f8d029005b9ab653ab47487d24fcd626abb3f34157e2fe31e617edc4

    • SHA512

      47f9b8352c0f75decbdd3734ae1916cdcd1720406b442f5210166e703585b12edafad569a7f687c8c66741aa786a6319e382aa95c83580ced345768dbd3ab939

    • SSDEEP

      24576:jQ3UElRshsEyPyG7cYYKLTl8+oyVryispex6Cn1rwUMpuPpowgbeazV32JNBJOmB:s3UElq6EyPF6KLJlBxscfrwVuPpyzmh/

    • DarkCloud

      An information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks