General

  • Target

    8a437b5f22a40f6a67e3482d572a1ee5.bin

  • Size

    1.4MB

  • Sample

    230503-cc9t2adc94

  • MD5

    2e2e3eeec62ead6078382a270fdb9048

  • SHA1

    57c669e2e0942258222180dcd1e9e6a457ff312d

  • SHA256

    e9ab90fe1a2cc38191dc9f1820d50f1c298c912e85fc2b36aa234d67adafc07a

  • SHA512

    194c93446d9ea8436acdbfb1266c0f09f28562cdc4d63b237262289b62cb9dffef69ca783e6f83a21b63ada81d6b7c9f8e417c92a4d7a9dda15b66d77611396a

  • SSDEEP

    24576:U2B9bWlG0e9mOgn1RrxuqEZLynnerRYtpUmMeCn2ZWBY2GDCvLHyrRpH:XB9bWpokn1TSNyZtpUmvCn2ztUHydl

Malware Config

Targets

    • Target

      1818d06ab0cd3441de35fa14c0c981451bfd1139dec6edb7e8699e7d0f9ac8c1.exe

    • Size

      1.6MB

    • MD5

      8a437b5f22a40f6a67e3482d572a1ee5

    • SHA1

      b901960026dfc17af9d36b3bc4d254d88712e90b

    • SHA256

      1818d06ab0cd3441de35fa14c0c981451bfd1139dec6edb7e8699e7d0f9ac8c1

    • SHA512

      e5c6e1f0f4203bba0bf0e57ef85732729ccb6bc14ba5f1c4e5bbeb8236d273b1c2e04cb911d933cb34a3e74c53450ffda934d17f9de73fede3e3128a77b1f409

    • SSDEEP

      24576:4Pm1kT7yByn1KTLTHsVsv9lFajXfrZlt08JvtY+3TBD6l2X:jWTRSLzsVIjerF0se+3lDS2X

    • DarkCloud

      An information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks