General

  • Target

    PO24666740142023.IMG.bin

  • Size

    1.5MB

  • Sample

    230505-zqdp3sec75

  • MD5

    a39fa900e8f2d23ebb073ff6e3fe36b2

  • SHA1

    efd3329426800d4398e2e4667e7b0944b9433501

  • SHA256

    2633a9aca0a8101f39545e1550bfc268e2fb54bf908ece59d52b3655c12f3a3c

  • SHA512

    fdde313ff3b383f69b86d76f567598ee011b56015bf1125487414c03926a74f547e5f47f7fc275108b8b0c5eabab5f808e2a62c19fd6edb97a1b4f57a06c14c6

  • SSDEEP

    24576:GIwfHLXcqHmsISQPIbMID5K2W+W3Grh9dCHOd:TgHzcBjSiADW3GF9dC

Score
10/10

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot6267068129:AAE4AO_gQGAeEakYl26r7KthrUjdWAdy5c0/sendMessage?chat_id=1909112828

The C2 is the Telegram Bot API rather than an attacker-hosted server: stolen data is posted with the sendMessage method, authenticated by the bot token embedded in the URL path (bot ID 6267068129), into chat 1909112828. The bot token and chat_id are the pivotable indicators; the api.telegram.org host on its own is not, because legitimate Telegram bots use the same endpoint.
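Turning the extracted C2 value into structured indicators is the first thing an analyst does with a config like this. The following is an added example, not part of the sandbox report or of any DarkCloud tooling; it parses a Telegram Bot API URL into its bot ID, token, API method and chat_id, rejects URLs that are not Bot API calls, and redacts the token for sharing. The sample URL is the C2 from the config above; the token shape (numeric bot ID, colon, long URL-safe secret) is assumed from Telegram's published format.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed input: the C2 value from the extracted DarkCloud config above.
SAMPLE_C2 = (
    "https://api.telegram.org/bot6267068129:AAE4AO_gQGAeEakYl26r7KthrUjdWAdy5c0"
    "/sendMessage?chat_id=1909112828"
)

# Telegram bot tokens look like "<numeric bot id>:<URL-safe secret>" (assumed
# shape: the secret is at least 30 characters). The Bot API path is
# "/bot<token>/<method>", e.g. /bot123:abc/sendMessage.
_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)$"
)


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into pivotable IOC fields.

    Returns None when the URL is not a Bot API call (wrong host or path
    shape), so it can be run over arbitrary extracted-config C2 values.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    if parts.hostname != "api.telegram.org":
        return None
    m = _BOT_PATH.match(parts.path)
    if not m:
        return None
    query = parse_qs(parts.query)
    return {
        "bot_id": m.group("bot_id"),
        "bot_token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        # chat_id is absent for methods that carry it in a POST body.
        "chat_id": query.get("chat_id", [None])[0],
    }


def redact_token(token):
    """Keep the bot ID and first four secret characters; mask the rest.

    The bot ID identifies the bot and is safe to share; the full secret
    grants control of the bot and should not appear in reports.
    """
    bot_id, secret = token.split(":", 1)
    return f"{bot_id}:{secret[:4]}{'*' * (len(secret) - 4)}"


def telegram_iocs(urls):
    """Parse a batch of C2 strings and return only the Telegram Bot API ones,
    with tokens redacted for sharing."""
    out = []
    for url in urls:
        parsed = parse_telegram_c2(url)
        if parsed is None:
            continue
        parsed["bot_token_redacted"] = redact_token(parsed["bot_token"])
        out.append(parsed)
    return out


if __name__ == "__main__":
    for ioc in telegram_iocs([SAMPLE_C2, "https://example.com/bot1:abc/sendMessage"]):
        print(ioc)
```

Running the block prints the parsed fields for the report's C2 and drops the non-Telegram URL. Note that a URL on any other host, even one with a bot-shaped path, is rejected, so the parser will not mistake a lookalike domain for the real API.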

Targets

    • Target

      PO246667.EXE

    • Size

      965KB

    • MD5

      fec478d2dbf1e189bec7b5460d552d68

    • SHA1

      be6d0ae94e8a8fe44226683b95e1704fe5c8c989

    • SHA256

      706c16f29d4d4e71ce3790dc3b1297373fd2485dd3b4535df307fba02083c3e8

    • SHA512

      5927e0076267d64d5e39147964a6ab8facba2908740be2ba6c1d94adb528831fee29f8d02edc68f737df5dbc672e87f9fb820654cc03ef7404f59eb3f749a0b9

    • SSDEEP

      24576:EIwfHLXcqHmsISQPIbMID5K2W+W3Grh9dCHOd:tgHzcBjSiADW3GF9dC

    Score
    10/10
    • DarkCloud

      An information stealer written in Visual Basic. This EXE is the payload carried by the submitted .IMG.bin: its SSDEEP differs from the image's only in the first character of each block, so the disk image is essentially a container whose content is dominated by this file.

    • Suspicious use of SetThreadContext

      Behavioural signature. Calling SetThreadContext on a thread in another process is the step in process hollowing and similar injection techniques where a suspended thread's entry point is redirected to attacker-controlled code.
