General

  • Target

    d6d89eff8ae95f17795daf44ddc35389.bin

  • Size

    1.3MB

  • Sample

    230505-ylmxhsch6v

  • MD5

    5716d9f26cdce3f66befc21d562b2c56

  • SHA1

    7199960462f36e923b0f5dd089eb21a9f97e1945

  • SHA256

    a101773d8d31986b39a648482c20a3059efacb9a035aeef739ab3556cee37bd1

  • SHA512

    588717309dc89887ff7018a20cc845cebbdad660a628b73d4f453daca4ce962e0108d99196dc663e68b137127e000e4f296e7be649b341ae850ceea8e5de3aa0

  • SSDEEP

    24576:sOb3y4o5UdOeTuvx2yuzg5wp3gmPHAk4zLGClhYYncV0HW+q9ejVP6DC6hHmu:hFo5UipubgcWfGgtnO0HpZP4PhH1

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot5955632087:AAGbHX-YygFpBeOiEaTfH9CY-2MMNrZcY48/sendMessage?chat_id=865011046

Targets

    • Target

      fb71b9df885463cb148e10ddad2b81ca883ce2dcc0a7739808a3e5d203f9d00b.exe

    • Size

      1.4MB

    • MD5

      d6d89eff8ae95f17795daf44ddc35389

    • SHA1

      a7cf42f11071fe319b4e73203ca8269fb38f008c

    • SHA256

      fb71b9df885463cb148e10ddad2b81ca883ce2dcc0a7739808a3e5d203f9d00b

    • SHA512

      7228480e71aeca16edbfa221879c931090868eb95a59155520065785573994f201613460c6441861ac2ae575abe74717696fdfc2d14d484310ce723fea19fbc5

    • SSDEEP

      24576:4AETCN6fdDv7X8E7Rf/vj6ksjurjtBEmDUheyX7TFqktKOpnAxWB:Yw61XNxmkQismIhXNtZpAc

    • DarkCloud

      An information stealer written in Visual Basic.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks