General

  • Target

    802d6d33017d5b8e3d12e9fd14aa7e90.bin

  • Size

    811KB

  • Sample

    230507-b2f3ksaa89

  • MD5

    a5b7f2d5221ae4365741adc6cf4a31b8

  • SHA1

    251e05c36bceb4a2ddb1af0eb4182dd7bbef5ed7

  • SHA256

    ca730d4bfc81beccd02b91115b9d9ac8e5ef865be7aa59233bc6b7f28b964aad

  • SHA512

    0a5285d77c4bbc3b24fc74fb759bf2ce080f9d611b1203970dec8a16df7f126280e03a6dc0ec5309d0f1d526a7e42af0f0f21cfb2cdd18334c8e96b109bd3281

  • SSDEEP

    12288:50tjdit+c2kNQfePjJe28rkczdGxEx8LiakVS26AqkuV9iBiKJRp:50r1c1OfRzoczQxEx8Lii26AqkuJKvp

Score
10/10

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot5261540771:AAHpybxDtEnwQtX4w7iGcSpo7-vbVF4FJuk/sendMessage?chat_id=5130831629
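The extracted C2 is not a server the operator controls but the Telegram Bot API: the path carries the bot's credential (`bot<id>:<token>`) and the query carries the attacker's `chat_id`. The following is an added example, not sandbox or DarkCloud code, that pulls those fields out of config strings or proxy logs and turns them into IOCs. The proxy log format, the second (getUpdates) bot and the list of methods treated as exfiltration are assumptions for the example; the first URL is the one from this report.

```python
"""Extract Telegram Bot API exfiltration endpoints from config strings or
proxy logs and turn them into structured IOCs.  Added example for this
report; the proxy log and the getUpdates bot below are constructed."""
import re
from urllib.parse import parse_qs

# Shape of the URL in the extracted config:
#   https://api.telegram.org/bot<bot_id>:<token>/<method>?chat_id=<chat_id>
# bot_id:token is the bot's credential (anyone holding it can post as the
# bot); chat_id is the operator's mailbox.  Both are IOCs, but the token is
# a secret and should be redacted in anything that leaves the IR channel.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot"
    r"(?P<bot_id>\d+):(?P<token>[A-Za-z0-9_-]+)"
    r"/(?P<method>[A-Za-z]+)"
    r"(?P<query>\?[^\s<>'\"]*)?"
)

# Bot API methods a stealer uses to push loot out.  Polling methods such as
# getUpdates are what an in-house bot does and are not treated as exfil
# (assumption: tune this set to what your environment considers normal).
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto", "sendVideo"}

# The C2 from this report's extracted config.
REPORT_C2 = ("https://api.telegram.org/bot5261540771:"
             "AAHpybxDtEnwQtX4w7iGcSpo7-vbVF4FJuk/sendMessage?chat_id=5130831629")

# Constructed proxy log (timestamp, client, method, URL, status).  The
# getUpdates bot on the last line is a made-up benign case.
CONSTRUCTED_PROXY_LOG = """\
2023-05-07T10:12:02Z 10.0.0.21 POST https://api.telegram.org/bot5261540771:AAHpybxDtEnwQtX4w7iGcSpo7-vbVF4FJuk/sendMessage?chat_id=5130831629 200
2023-05-07T10:12:05Z 10.0.0.21 GET https://www.example.com/ 200
2023-05-07T10:13:40Z 10.0.0.37 GET https://api.telegram.org/bot111111111:AAAAbbbbCCCCddddEEEEffffGGGGhhhhIII/getUpdates 200
"""


def redact_token(token):
    """Keep enough of the token to correlate across reports without leaking it."""
    return token[:4] + "..." + token[-4:] if len(token) > 8 else "..."


def extract_telegram_c2(text):
    """Return one IOC dict per Telegram Bot API URL found in `text`."""
    iocs = []
    for m in TELEGRAM_BOT_RE.finditer(text):
        # parse_qs wants the query without its leading '?'
        query = parse_qs((m.group("query") or "?")[1:])
        method = m.group("method")
        iocs.append({
            "url": m.group(0),
            "bot_id": m.group("bot_id"),
            "token_redacted": redact_token(m.group("token")),
            "method": method,
            "chat_id": query.get("chat_id", [None])[0],
            "is_exfil": method in EXFIL_METHODS,
        })
    return iocs


def hunt_terms(ioc):
    """Search terms safe to share: host, bot id and chat id, never the token."""
    terms = ["api.telegram.org", "bot" + ioc["bot_id"] + ":"]
    if ioc["chat_id"]:
        terms.append("chat_id=" + ioc["chat_id"])
    return terms


if __name__ == "__main__":
    for ioc in extract_telegram_c2(REPORT_C2 + "\n" + CONSTRUCTED_PROXY_LOG):
        flag = "EXFIL" if ioc["is_exfil"] else "poll "
        print(flag, ioc["bot_id"], ioc["token_redacted"], ioc["method"],
              ioc["chat_id"], hunt_terms(ioc))
```

The bot id and chat id are stable across samples that reuse the same Telegram bot, so they make better pivot points than the sample hashes; blocking `api.telegram.org` outright is the blunt alternative where nothing legitimate needs it.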

Targets

    • Target

      329bfbc17f60438f764561d6b097d7fe15216e3bf6266e5be934440cec3df4e7.exe

    • Size

      990KB

    • MD5

      802d6d33017d5b8e3d12e9fd14aa7e90

    • SHA1

      3efce908f51dd11f8a4c3f717899098c43beb2f7

    • SHA256

      329bfbc17f60438f764561d6b097d7fe15216e3bf6266e5be934440cec3df4e7

    • SHA512

      12b3e599c3c9e3043e4448d26e9c0c23ab384d8aba0a8bf8d4a7f02c54d4de4a84ed5494e2b475662fb851b7b9d899c41ca536ad7944496a812c5437e3ed5c95

    • SSDEEP

      12288:R7Dla7UbY4D31Yp7vdyonbI2xmUKBdsTGBFkK+ZdUuE9WF0wowPD5JPy1CjX:R1c40pJbPJK4i8Z2u/0Pw751v7

    Score
    10/10
    • DarkCloud

      An information stealer written in Visual Basic.

    • Suspicious use of SetThreadContext (the API a loader calls to repoint a suspended process's main thread at injected code; the typical marker of process hollowing)
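A SetThreadContext hit on its own is weak evidence (debuggers and some runtimes use it on their own threads); what makes it worth a 10/10 is the surrounding sequence. The added example below, not sandbox code, scores a process-hollowing chain over an API trace: create a child suspended, write into it, SetThreadContext on that child, resume it. The trace, the event schema and the exact API names matched are assumptions for the example; the chain itself is the standard hollowing pattern, and the two trailing benign cases show what the detector should not flag.

```python
"""Flag the process-hollowing API chain behind a 'Suspicious use of
SetThreadContext' hit.  Added example, not sandbox code; the event schema
and the trace below are constructed."""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# Order-sensitive chain: the same caller must perform each step against the
# same child, in this order.  Other calls may be interleaved.
HOLLOWING_CHAIN = [
    "CreateProcess(suspended)",
    "WriteProcessMemory",
    "SetThreadContext",
    "ResumeThread",
]

# Constructed trace: {"pid": caller, "api": name, "args": {...}}
CONSTRUCTED_TRACE = [
    # 1200 hollows its own child 1304
    {"pid": 1200, "api": "CreateProcessW",
     "args": {"image": "C:\\target.exe", "flags": CREATE_SUSPENDED, "child_pid": 1304}},
    {"pid": 1200, "api": "NtUnmapViewOfSection", "args": {"target_pid": 1304}},
    {"pid": 1200, "api": "VirtualAllocEx", "args": {"target_pid": 1304, "size": 0x3A000}},
    {"pid": 1200, "api": "WriteProcessMemory", "args": {"target_pid": 1304, "size": 0x3A000}},
    {"pid": 1200, "api": "WriteProcessMemory", "args": {"target_pid": 1304, "size": 0x200}},
    {"pid": 1200, "api": "SetThreadContext", "args": {"target_pid": 1304, "tid": 1308}},
    {"pid": 1200, "api": "ResumeThread", "args": {"target_pid": 1304, "tid": 1308}},
    # benign: a debugger adjusting the context of one of its own threads
    {"pid": 2000, "api": "SetThreadContext", "args": {"target_pid": 2000, "tid": 2004}},
    # benign: installer creates a child suspended to put it in a job, then resumes
    {"pid": 3000, "api": "CreateProcessW",
     "args": {"image": "C:\\setup\\helper.exe", "flags": CREATE_SUSPENDED, "child_pid": 3100}},
    {"pid": 3000, "api": "AssignProcessToJobObject", "args": {"target_pid": 3100}},
    {"pid": 3000, "api": "ResumeThread", "args": {"target_pid": 3100, "tid": 3104}},
]


def normalize(event):
    """Map a raw API event to (caller, target_pid, chain_step), or None."""
    api, a = event["api"], event["args"]
    if api in ("CreateProcessA", "CreateProcessW") and a.get("flags", 0) & CREATE_SUSPENDED:
        return event["pid"], a["child_pid"], "CreateProcess(suspended)"
    if api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
        return event["pid"], a["target_pid"], "WriteProcessMemory"
    if api in ("SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"):
        return event["pid"], a["target_pid"], "SetThreadContext"
    if api in ("ResumeThread", "NtResumeThread"):
        return event["pid"], a["target_pid"], "ResumeThread"
    return None


def detect_hollowing(trace):
    """Return one alert per (caller, child) pair that completes the chain."""
    progress = defaultdict(int)   # (caller, target) -> index of next expected step
    alerts = []
    for ev in trace:
        n = normalize(ev)
        if n is None:
            continue
        caller, target, step = n
        key = (caller, target)
        if progress[key] >= len(HOLLOWING_CHAIN):
            continue                      # already alerted on this pair
        if step == HOLLOWING_CHAIN[progress[key]]:
            progress[key] += 1
            if progress[key] == len(HOLLOWING_CHAIN):
                alerts.append({"caller": caller, "target": target,
                               "chain": list(HOLLOWING_CHAIN)})
    return alerts


if __name__ == "__main__":
    for alert in detect_hollowing(CONSTRUCTED_TRACE):
        print("process hollowing: pid %d -> child %d" % (alert["caller"], alert["target"]))
```

Keying progress on the (caller, child) pair is what lets the self-targeted SetThreadContext and the suspend-then-resume installer pass: neither pair ever reaches the write step. A real detector would also want NtUnmapViewOfSection or a PE header written at the child's image base as an optional strengthening signal, but the four-step chain is enough to separate hollowing from the benign uses.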

MITRE ATT&CK Matrix

Tasks