General

  • Target

    268-63-0x0000000000400000-0x0000000000490000-memory.dmp

  • Size

    576KB

  • MD5

    b86754f54a97bcdee8d1e601120c7660

  • SHA1

    4fe79060bf7c9463903a52aefeb604936ff86198

  • SHA256

    f73e86010253cd19d3969de3b2baea40c760cf5bb746e2fdfa0018657eea5f0f

  • SHA512

    05815e4659b018f0ab4ace90711fbf7fce0d617ffb86f3b36a64e068b280aea99d66c0c11e7ed0be8ce3313ce6fcfc7d9403cb49ba3d0ee501b4f6ae16c4531d

  • SSDEEP

    12288:YQzvdLDYrNVnIgEVxDoH3Fmf5ADrvmsEw:/xYrNVn5EVxUHVmf5ADrvmsE

Score
10/10

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot5910132523:AAEKRc8fOn4WgyrXgHzd8WfRx78_lEgkCaI/sendMessage?chat_id=5877439820

Signatures

  • Darkcloud family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 268-63-0x0000000000400000-0x0000000000490000-memory.dmp
    .exe windows x86

    c55b1fe0a9dc8993239aeb0b81c42b35

