General

  • Target

    RequestforQuartation.exe.bin

  • Size

    1.7MB

  • Sample

    230505-zqy11sed36

  • MD5

    95a4dd3db43ef316cbb5b49a03bcc3b2

  • SHA1

    4c4ba77fc007950852d3829666ecbe4cfc5d342d

  • SHA256

    7a7d03e12cbbddbed5fb0eda66514036c3989897c2e3b0242a9768a97f3fe19e

  • SHA512

    1e5bf96b8e0d2e818b88ee4e287ee5a4d97d529f85f408fdd78d67afa47c3baf5ed4e118e0ba5cd77236f210104dd42290ed5b2a1a3a22c6bcdc78f9fb71eb05

  • SSDEEP

    24576:1ylUXFiJS5aZh2e44NsqOwM1ghfJxmpq6nXCFRgumQGdtuy32KWTO:1y+E8ih2eWHNgh0yFiFFSylWTO

Score
10/10

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot5955632087:AAGbHX-YygFpBeOiEaTfH9CY-2MMNrZcY48/sendMessage?chat_id=865011046

Targets

    • Target

      RequestforQuartation.exe.bin

    • Size

      1.7MB

    • MD5

      95a4dd3db43ef316cbb5b49a03bcc3b2

    • SHA1

      4c4ba77fc007950852d3829666ecbe4cfc5d342d

    • SHA256

      7a7d03e12cbbddbed5fb0eda66514036c3989897c2e3b0242a9768a97f3fe19e

    • SHA512

      1e5bf96b8e0d2e818b88ee4e287ee5a4d97d529f85f408fdd78d67afa47c3baf5ed4e118e0ba5cd77236f210104dd42290ed5b2a1a3a22c6bcdc78f9fb71eb05

    • SSDEEP

      24576:1ylUXFiJS5aZh2e44NsqOwM1ghfJxmpq6nXCFRgumQGdtuy32KWTO:1y+E8ih2eWHNgh0yFiFFSylWTO

    Score
    10/10
    • DarkCloud

      An information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks