General

  • Target

    3d1072986b88dc6184e40ba0df6acfc2.bin

  • Size

    1.5MB

  • Sample

    230506-b51ldshg3y

  • MD5

    3962efb4e3c2f50de3bd0c4ef9ebb471

  • SHA1

    d1019aeebddda89441479f1d0b4d1b7124d82cb9

  • SHA256

    bb7b7de5736ff17b431e23759c77be1f5aecd12784ce5c81b49aef87370d87d5

  • SHA512

    94f83a462d80be6c9aa4e4bce69c92d775edec8fb2a5e37865a6564f2fb92d7336f7eceb947688a534dcaada5add36c2dc220e365a9ac600c8752ce93dee826f

  • SSDEEP

    24576:pEqyK1AsTu9wqwFJB7mDCEy/WUSKbXwZi8dr08aJr+FUrsCzW4J3svocIP9:pEq/A1SXFJZQy/WBKDwMQQ84+KrsyW4T

Malware Config

Extracted

  • Family

    darkcloud

  • C2

    https://api.telegram.org/bot5955632087:AAGbHX-YygFpBeOiEaTfH9CY-2MMNrZcY48/sendMessage?chat_id=865011046
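The extracted C2 is a Telegram Bot API sendMessage URL, so the exfiltration channel is fully described by the bot token and the chat_id in that URL. The following is an added example, not part of the sandbox report and not DarkCloud's own code: it parses such a URL into its bot ID, token, method and chat_id, then runs that parser over a few constructed proxy-log lines (the whitespace-separated "timestamp src_ip method url" format and the second bot token are assumptions made up for the example) and grades each Telegram hit against the C2 reported above.

```python
import re
from urllib.parse import parse_qs, urlsplit

# C2 URL as extracted by the sandbox from this sample (value from the report).
DARKCLOUD_C2 = (
    "https://api.telegram.org/bot5955632087:AAGbHX-YygFpBeOiEaTfH9CY-2MMNrZcY48"
    "/sendMessage?chat_id=865011046"
)

# Bot API paths look like /bot<numeric id>:<secret>/<method>.
TELEGRAM_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$"
)


def parse_telegram_c2(url):
    """Return bot_id/token/method/chat_id for a Telegram Bot API URL, else None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_PATH.match(parts.path)
    if not m:
        return None
    query = parse_qs(parts.query)
    return {
        "bot_id": m.group("bot_id"),
        # Full token as the bot would present it; treat it as a credential.
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        "chat_id": query.get("chat_id", [None])[0],
    }


def scan_proxy_log(lines, known_c2):
    """Grade every Telegram Bot API request in the log against a known C2 URL.

    Verdicts: "known-darkcloud-c2" when the bot token or chat_id matches the
    extracted C2, "telegram-bot-exfil-suspect" for any other sendMessage call,
    "telegram-bot-api" for remaining bot traffic that deserves a look.
    """
    known = parse_telegram_c2(known_c2)
    if known is None:
        raise ValueError("known_c2 is not a Telegram Bot API URL")
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or truncated log line
        ts, src, _http_method, url = fields[:4]
        info = parse_telegram_c2(url)
        if info is None:
            continue
        if info["token"] == known["token"] or (
            info["chat_id"] is not None and info["chat_id"] == known["chat_id"]
        ):
            verdict = "known-darkcloud-c2"
        elif info["method"] == "sendMessage":
            verdict = "telegram-bot-exfil-suspect"
        else:
            verdict = "telegram-bot-api"
        hits.append({"ts": ts, "src": src, "verdict": verdict, **info})
    return hits


# Constructed proxy-log lines for the example; the 1234567890 bot token is made up.
SAMPLE_PROXY_LOG = [
    "2023-05-06T09:15:01Z 10.0.0.23 GET https://www.example.com/",
    "2023-05-06T09:15:07Z 10.0.0.23 POST " + DARKCLOUD_C2,
    "2023-05-06T09:16:30Z 10.0.0.44 POST https://api.telegram.org/bot1234567890:AAEXAMPLETOKEN_xyz/sendMessage?chat_id=111",
    "2023-05-06T09:17:02Z 10.0.0.51 GET https://api.telegram.org/bot1234567890:AAEXAMPLETOKEN_xyz/getUpdates",
]


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG, DARKCLOUD_C2):
        print(f"{hit['ts']} {hit['src']} {hit['verdict']} bot={hit['bot_id']} "
              f"method={hit['method']} chat_id={hit['chat_id']}")
```

Matching on chat_id as well as on the token is deliberate: an operator can rotate the bot token while keeping the same receiving chat, so the chat_id is the longer-lived indicator. Bot tokens recovered this way are live credentials for the attacker's bot and should be handled as such, not pasted into shared channels unredacted.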

Targets

    • Target

      8992b94e147a940a1da05b11631e28202c50840902fa372690485b49c415e4b5.exe

    • Size

      1.6MB

    • MD5

      3d1072986b88dc6184e40ba0df6acfc2

    • SHA1

      3dced4443af3c9591c948c827ac5b02bd0d31029

    • SHA256

      8992b94e147a940a1da05b11631e28202c50840902fa372690485b49c415e4b5

    • SHA512

      6b072f7e1b617a1426faeffdc14b80259f2601f29f5df65953694917cfa9611379976424ec37ffe3d139f5abd1bff02146d968f6a47d96d57ab4de1bb32a626b

    • SSDEEP

      24576:rPKokfY5HGAg4y2oLeeHlQFwSohxt3jIwYg94ZIgUZ8K5BEuww4sXpA5jp9DTS2I:LZWY5mz4yJSfu/9IwYgeJuw7sX0jpd

    • DarkCloud

      An information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks