General

  • Target

    QUOTATION.exe

  • Size

    491KB

  • Sample

    230503-m19t2sed74

  • MD5

    b8e0e72430e20da6c0ff11c6a5065f6a

  • SHA1

    21aaff49823201547156f8e049a555b74fe20dd3

  • SHA256

    5bdfd06cea2716483b1232ac20b4a2038603769b029e218e63b328e4975e5adf

  • SHA512

    f4e3d83a9569f41a1f4e99cacc765330a23a317c0fd944f42d776604f607c286bae4f5740d1ab832cc7921a46bddd5c2f2bae5197048d179566d0a55a38a5a7d

  • SSDEEP

    6144:qYa6RSRUmYyWpYDgYK+iXotnpAueq0ezdxITM6+SGN1yHYJdo0Hexvw/qofHg8Gp:qYSRU7YfsEn+ut0YI3Yc4BH9/qgwoklT

Score
10/10

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot6297321364:AAGrqCx2JSNrLhdAS1lpDcwQJhzQ_stCOgM/sendMessage?chat_id=882017182
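The C2 above is not a custom server but the Telegram Bot API: the stealer posts its loot with `sendMessage` using a bot token (`bot<id>:<secret>`) and a fixed `chat_id`. Those two values are the indicators worth pivoting on, since the host `api.telegram.org` is shared with legitimate traffic. The following Python is an added example, not code from the sandbox report or the DarkCloud sample: it splits the extracted URL into atomic indicators, runs a detection over constructed proxy log lines (the log format and client addresses are assumptions for the example), and checks a candidate file against the report's hashes.

```python
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# C2 URL exactly as extracted from the sample's config in the report.
C2_URL = (
    "https://api.telegram.org/bot6297321364:AAGrqCx2JSNrLhdAS1lpDcwQJhzQ_stCOgM"
    "/sendMessage?chat_id=882017182"
)

# File hashes of QUOTATION.exe as listed in the report.
REPORT_HASHES = {
    "md5": "b8e0e72430e20da6c0ff11c6a5065f6a",
    "sha1": "21aaff49823201547156f8e049a555b74fe20dd3",
    "sha256": "5bdfd06cea2716483b1232ac20b4a2038603769b029e218e63b328e4975e5adf",
    "sha512": "f4e3d83a9569f41a1f4e99cacc765330a23a317c0fd944f42d776604f607c286"
              "bae4f5740d1ab832cc7921a46bddd5c2f2bae5197048d179566d0a55a38a5a7d",
}

# Telegram bot API paths have the shape /bot<bot_id>:<secret>/<method>.
BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$")


def parse_telegram_c2(url):
    """Split a Telegram bot API URL into indicators; None if it is not one."""
    parts = urlsplit(url)
    m = BOT_PATH.match(parts.path)
    if parts.hostname != "api.telegram.org" or m is None:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": chat_id,
    }


# Constructed proxy log lines for the example ("client method url"); not real traffic.
SAMPLE_PROXY_LOG = [
    "10.0.0.12 POST https://api.telegram.org/bot6297321364:AAGrqCx2JSNrLhdAS1lpDcwQJhzQ_stCOgM"
    "/sendMessage?chat_id=882017182",
    "10.0.0.12 GET https://www.microsoft.com/",
    "10.0.0.44 POST https://api.telegram.org/bot1111111111:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendDocument",
    "10.0.0.7 GET https://telegram.org/",
]


def scan_proxy_log(lines, known):
    """Flag every bot API call; escalate when the bot or chat matches the known C2."""
    hits = []
    for line in lines:
        client, _method, url = line.split(maxsplit=2)
        ind = parse_telegram_c2(url)
        if ind is None:
            continue  # not a Telegram bot API request (plain telegram.org browsing is not flagged)
        same_bot = ind["bot_id"] == known["bot_id"]
        same_chat = ind["chat_id"] is not None and ind["chat_id"] == known["chat_id"]
        verdict = "known_c2" if (same_bot or same_chat) else "telegram_bot_api"
        hits.append({"client": client, "verdict": verdict,
                     "bot_id": ind["bot_id"], "method": ind["method"]})
    return hits


def hashes_match_report(data):
    """Report which of the listed digests a candidate file's bytes reproduce."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in REPORT_HASHES.items()}


if __name__ == "__main__":
    ioc = parse_telegram_c2(C2_URL)
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG, ioc):
        print(hit)
```

Matching on `bot_id` or `chat_id` survives the operator rotating one of them; matching on the full token is brittle. Any request to `api.telegram.org/bot…` from a host with no business reason to run Telegram bots is itself worth a ticket, which is why the scanner also reports unknown bots at a lower verdict.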

Targets

    • Target

      QUOTATION.exe

    • Size

      491KB


    Score
    10/10
    • DarkCloud

      An information stealer written in Visual Basic; this sample exfiltrates the collected data to the Telegram Bot API endpoint listed under C2 above.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext (redirecting a suspended thread's execution, as seen when a payload is injected into another process)

MITRE ATT&CK Enterprise v6

Tasks