General

  • Target: PO246667.EXE.bin
  • Size: 965KB
  • Sample: 230505-zqc4jsgf2y
  • MD5: fec478d2dbf1e189bec7b5460d552d68
  • SHA1: be6d0ae94e8a8fe44226683b95e1704fe5c8c989
  • SHA256: 706c16f29d4d4e71ce3790dc3b1297373fd2485dd3b4535df307fba02083c3e8
  • SHA512: 5927e0076267d64d5e39147964a6ab8facba2908740be2ba6c1d94adb528831fee29f8d02edc68f737df5dbc672e87f9fb820654cc03ef7404f59eb3f749a0b9
  • SSDEEP: 24576:EIwfHLXcqHmsISQPIbMID5K2W+W3Grh9dCHOd:tgHzcBjSiADW3GF9dC

Score: 10/10

Malware Config

Extracted

  • Family: darkcloud
  • C2: https://api.telegram.org/bot6267068129:AAE4AO_gQGAeEakYl26r7KthrUjdWAdy5c0/sendMessage?chat_id=1909112828

Targets

    • Target: PO246667.EXE.bin

    Score: 10/10

    • DarkCloud: An information stealer written in Visual Basic.
    • Suspicious use of SetThreadContext
