General

  • Target

    Quote1345rev.3.exe

  • Size

    1.4MB

  • Sample

    230505-zqvctsgf7x

  • MD5

    d6d89eff8ae95f17795daf44ddc35389

  • SHA1

    a7cf42f11071fe319b4e73203ca8269fb38f008c

  • SHA256

    fb71b9df885463cb148e10ddad2b81ca883ce2dcc0a7739808a3e5d203f9d00b

  • SHA512

    7228480e71aeca16edbfa221879c931090868eb95a59155520065785573994f201613460c6441861ac2ae575abe74717696fdfc2d14d484310ce723fea19fbc5

  • SSDEEP

    24576:4AETCN6fdDv7X8E7Rf/vj6ksjurjtBEmDUheyX7TFqktKOpnAxWB:Yw61XNxmkQismIhXNtZpAc

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot5955632087:AAGbHX-YygFpBeOiEaTfH9CY-2MMNrZcY48/sendMessage?chat_id=865011046

Targets

    • Target

      Quote1345rev.3.exe

    • Size

      1.4MB

    • MD5

      d6d89eff8ae95f17795daf44ddc35389

    • SHA1

      a7cf42f11071fe319b4e73203ca8269fb38f008c

    • SHA256

      fb71b9df885463cb148e10ddad2b81ca883ce2dcc0a7739808a3e5d203f9d00b

    • SHA512

      7228480e71aeca16edbfa221879c931090868eb95a59155520065785573994f201613460c6441861ac2ae575abe74717696fdfc2d14d484310ce723fea19fbc5

    • SSDEEP

      24576:4AETCN6fdDv7X8E7Rf/vj6ksjurjtBEmDUheyX7TFqktKOpnAxWB:Yw61XNxmkQismIhXNtZpAc

    • DarkCloud

      An information stealer written in Visual Basic.

    • Detects any file with a triage score of 10

      This file has been assigned a triage score of 10, indicating a high likelihood of malicious behavior.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks