General

  • Target

    REQUSET FOR QUOTATION.exe

  • Size

    1.4MB

  • Sample

    230508-m6b5zaca9t

  • MD5

    f039cad76ad3bf2ec8bd5143f86319d4

  • SHA1

    af481ed8f7f97787ec9e7f772cac808b5c946314

  • SHA256

    1d4eb9077c97b5ad001206eff72789b01386a2c253d34875fa1c1acb716e2e56

  • SHA512

    b516d4ff7249461727a02b2e763093f7fd482b51e5a51fbd4f8d51f0858598794ea48008d5351242b295b4d19f4ff99af110dc69de59acc606d33ad3d9ddb41f

  • SSDEEP

    24576:hM3tRebt6C/vnTFnmQGJa95viDoO6Q3M8hrbR61pMYY5CnFz/9nKT:hM3tgb1FyJ2iDoD8hrbRSwszlnq

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot5955632087:AAGbHX-YygFpBeOiEaTfH9CY-2MMNrZcY48/sendMessage?chat_id=865011046
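The C2 above is a Telegram Bot API sendMessage call, so the bot id, the bot token and the destination chat_id are all recoverable from the URL itself. The following is an added example, not part of the sandbox report: it parses those fields for IOC handling and then runs the same pattern over a few proxy-log lines. The log lines are constructed for illustration and the process allowlist is an assumption; neither comes from the sample run.

```python
"""Pull the bot id, token and chat_id out of the Telegram Bot API C2 URL and
flag proxy-log lines that show the same exfiltration pattern.

Added example, not part of the sandbox report. SAMPLE_PROXY_LOG is
constructed for illustration and ALLOWED_BOT_PROCESSES is an assumed
allowlist; neither comes from the sample run."""
import re
from urllib.parse import parse_qs, urlsplit

# C2 URL exactly as listed in the report's Malware Config section.
C2_URL = (
    "https://api.telegram.org/bot5955632087:AAGbHX-YygFpBeOiEaTfH9CY-2MMNrZcY48"
    "/sendMessage?chat_id=865011046"
)

# Bot API method calls have the path shape /bot<numeric id>:<secret>/<method>.
_BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$")


def parse_telegram_c2(url):
    """Return the bot_id, secret, method and chat_id of a Bot API URL, or None.

    The bot id and chat_id are stable IOCs and what an abuse report to
    Telegram needs; the secret is a live credential that gives full control
    of the bot, so store it like one.
    """
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = _BOT_PATH.match(parts.path)
    if not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "bot_id": m.group("bot_id"),
        "secret": m.group("secret"),
        "method": m.group("method"),
        "chat_id": chat_id,
    }


# Constructed proxy log lines in the form "<process> <HTTP method> <url>".
SAMPLE_PROXY_LOG = [
    "REQUSET FOR QUOTATION.exe POST https://api.telegram.org/bot5955632087:"
    "AAGbHX-YygFpBeOiEaTfH9CY-2MMNrZcY48/sendMessage?chat_id=865011046",
    "chrome.exe GET https://www.example.com/index.html",
    "alertbot.exe POST https://api.telegram.org/bot1234567890:"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendMessage?chat_id=42",
    "monitor.exe GET https://api.telegram.org/file/bot1234567890:"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/photos/file_1.jpg",
]

# Assumed allowlist of processes that legitimately use the Bot API.
ALLOWED_BOT_PROCESSES = frozenset({"alertbot.exe"})


def find_telegram_bot_exfil(log_lines, allowed=ALLOWED_BOT_PROCESSES):
    """Return (process, bot_id, chat_id) for every line in which a process
    outside the allowlist calls a Bot API method (sendMessage, sendDocument, ...).

    Downloads under /file/bot<token>/ do not match the method-call pattern and
    are left alone; the point is the outbound sendMessage/sendDocument call a
    stealer uses to push data into the operator's chat."""
    hits = []
    for line in log_lines:
        process, _http_method, url = line.rsplit(" ", 2)
        c2 = parse_telegram_c2(url)
        if c2 is None or process in allowed:
            continue
        hits.append((process, c2["bot_id"], c2["chat_id"]))
    return hits


if __name__ == "__main__":
    print(parse_telegram_c2(C2_URL))
    for hit in find_telegram_bot_exfil(SAMPLE_PROXY_LOG):
        print("telegram bot exfil:", hit)
```

Blocking api.telegram.org outright is often not an option, which is why the check keys on the Bot API method-call path rather than the host; the bot id and chat_id are the values to pivot on across other samples, since operators reuse them far more often than they reuse a dropper hash.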

Targets

    • Target

      REQUSET FOR QUOTATION.exe

    • Size

      1.4MB

    • MD5

      f039cad76ad3bf2ec8bd5143f86319d4

    • SHA1

      af481ed8f7f97787ec9e7f772cac808b5c946314

    • SHA256

      1d4eb9077c97b5ad001206eff72789b01386a2c253d34875fa1c1acb716e2e56

    • SHA512

      b516d4ff7249461727a02b2e763093f7fd482b51e5a51fbd4f8d51f0858598794ea48008d5351242b295b4d19f4ff99af110dc69de59acc606d33ad3d9ddb41f

    • SSDEEP

      24576:hM3tRebt6C/vnTFnmQGJa95viDoO6Q3M8hrbR61pMYY5CnFz/9nKT:hM3tgb1FyJ2iDoD8hrbRSwszlnq

    • DarkCloud

      An information stealer written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies, and autofill entries.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
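The "Reads user/profile data of web browsers" signature above fires on the stealer opening the browsers' credential and cookie stores. As an added example that is not part of the report, the following flags that access from endpoint file-read telemetry: the events are constructed Sysmon-style records, and the store paths and browser allowlist are assumptions covering Chromium-based browsers and Firefox.

```python
"""Flag non-browser processes reading browser credential and cookie stores,
the behaviour behind the "Reads user/profile data of web browsers" signature.

Added example, not from the sandbox report. SAMPLE_EVENTS are constructed
Sysmon-style file-read records and BROWSER_PROCESSES is an assumed allowlist."""
import re

# Stores worth protecting. Chromium-based browsers keep them under
# <User Data>\<Profile>\ (cookies moved to <Profile>\Network\Cookies in newer
# builds); Firefox keeps them directly in the profile directory.
_CHROMIUM_STORES = r"(?:Login Data|Cookies|Web Data|Network\\Cookies)"
_FIREFOX_STORES = r"(?:logins\.json|key4\.db|cookies\.sqlite)"
_CHROMIUM_PATH = (
    r"\\(?:Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser|Chromium)"
    r"\\User Data\\[^\\]+\\" + _CHROMIUM_STORES + r"$"
)
_FIREFOX_PATH = r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\" + _FIREFOX_STORES + r"$"
BROWSER_DATA_RE = re.compile(_CHROMIUM_PATH + "|" + _FIREFOX_PATH, re.IGNORECASE)

# Assumed allowlist: the browsers themselves are expected to open these files.
BROWSER_PROCESSES = frozenset({"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"})

# Constructed events as (image path, target filename). Not from the sample run.
SAMPLE_EVENTS = [
    ("C:\\Users\\u\\AppData\\Local\\Temp\\REQUSET FOR QUOTATION.exe",
     "C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"),
    ("C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"),
    ("C:\\Users\\u\\AppData\\Local\\Temp\\REQUSET FOR QUOTATION.exe",
     "C:\\Users\\u\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abcd.default-release\\logins.json"),
    ("C:\\Windows\\System32\\svchost.exe", "C:\\Windows\\Temp\\x.log"),
]


def process_name(image):
    """Lower-cased basename of an image path, for allowlist comparison."""
    return image.rsplit("\\", 1)[-1].lower()


def find_browser_data_access(events, allowed=BROWSER_PROCESSES):
    """Return (process, target) for each read of a browser store by a process
    outside the allowlist. Matching on the full store path rather than the
    filename alone avoids firing on unrelated files named 'Cookies'."""
    hits = []
    for image, target in events:
        name = process_name(image)
        if name in allowed:
            continue
        if BROWSER_DATA_RE.search(target):
            hits.append((name, target))
    return hits


if __name__ == "__main__":
    for hit in find_browser_data_access(SAMPLE_EVENTS):
        print("browser store read by non-browser process:", hit)
```

The allowlist is deliberately by process name only; in production, pair it with the image path or signer, since a stealer dropped as chrome.exe in a temp directory would otherwise pass.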

MITRE ATT&CK Enterprise v6

Tasks