General

  • Target

    DHLShippingAWBDocuments.exe

  • Size

    936KB

  • Sample

    230505-ytgqgabe49

  • MD5

    da4b64c9b99a099fc8f1e776a51c89fb

  • SHA1

    f978f04c41cd2a4595a162217f32f86700715428

  • SHA256

    122c811019fc78d9c872d90ee4b7d21d923a6539980bc30f9d246b0b66003642

  • SHA512

    c1541db0511d28f0c791a829d63325a895528d8d427581375c80d1238ecb9e09ff360357d442cd4eb499cd7cbc3f689cdbc1ad3ea8f9205df9d68d50ca305b98

  • SSDEEP

    24576:yS1t1zQwT6Qrja6XIgwXL5xpvtkOsHzdkVs4GH:1ZzQk6QrjAlXrAz2Vs4o

Score
10/10

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot6220925905:AAFbd3Et4YQi4C1WTvNkPbMsAOdz5c8giT0/sendMessage?chat_id=5463149861

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Suspicious use of SetThreadContext
