General

  • Target

    c6b2e5855e812f01c47f3f3275269d40.bin

  • Size

    1.4MB

  • Sample

    230503-cmhhjadd37

  • MD5

    235ab70b7db9cf5e5c76823ec3deeaa8

  • SHA1

    89679ba0657ae822805482652772116598be0a4b

  • SHA256

    54e760b1c69dd3a057d8d8b3d8177c7b869ba1de0ceef443d2afc2d3ca5ed9dc

  • SHA512

    5ac8ac736e6d1376d804bb0b304df54b04fe071d25f0c1fdbe90eb89b58de7d336966b58a03d66bd19c8190155d486791a4bede288d08d2752ce2da9ea87f5ba

  • SSDEEP

    24576:ZG4yTQ9/QOjssfRP5cv7hrDpRjGSz7uwEljEfr/fX8fvalW6FOhEax:ZG9TQ5jss5POv79jhz7XXP8fv6OhBx

Targets

    • Target

      e69807c8d0056d2e128bf54e1412bea2abd2c89a4f28f8c4562e9fa0eb79c544.exe

    • Size

      1.5MB

    • MD5

      c6b2e5855e812f01c47f3f3275269d40

    • SHA1

      19ca75ef1a3967c45065eb42d9eb4583692608b1

    • SHA256

      e69807c8d0056d2e128bf54e1412bea2abd2c89a4f28f8c4562e9fa0eb79c544

    • SHA512

      dc78f9f6527f6491a39320942f7b63ba9aa3f486936cfafbf40fbd7ed3e7831043f4da21f710916706d2bd873525f21f091c5a1a9cf6f86aeab21a55129b61d8

    • SSDEEP

      24576:iTj8+Woo8grjY06vnHWk+1S2H/7/J++wLr8PJxgi/N6Vh9YLuolkkLe0XdoNQ+TS:iPp38Gn2kWS2HjsBLwxgYNfnLNNoqt

    • DarkCloud

      An information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read data stored in web browser profiles, which can include saved credentials.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
