General

  • Target

    2.exe

  • Size

    1.4MB

  • Sample

    230508-qa5desce5z

  • MD5

    fa6eefd769490dbd1ba36eb870226603

  • SHA1

    50b600cf1b90502de2489759c214343eb669f899

  • SHA256

    a27073fa1c77f7edd0c4c5eacc53465c141674be1d0f484165f0399b52ee631e

  • SHA512

    28bdb6ad660cdba5d479de7e61ca1245cfcb1c8232d910e198be3df3ae5a6879479482080adb3af0532ff7ae6eda5a99bdb124ab25764bec79c7559ac2ea71d2

  • SSDEEP

    24576:Hb81ccmG2TpGx72n4jduA8iH35maWZc5LU9o740oUH53rlHb4j:HbMcPG2Tgx7Y4jduAtH3Qa1UT0Zxlc

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot5955632087:AAGbHX-YygFpBeOiEaTfH9CY-2MMNrZcY48/sendMessage?chat_id=865011046
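The extracted C2 is not a custom server but the Telegram Bot API, with the attacker's bot token embedded in the URL path and the receiving chat selected by chat_id. The following Python is an added example, not code from the page or from the sandbox, that pulls those fields out of the reported URL and then flags Telegram Bot API calls in proxy log lines (the log lines are constructed for the example, and the second bot id in them is made up). Nothing here contacts Telegram: the token is the attacker's credential and should be handled as a sensitive IOC, not exercised.

```python
import re
from urllib.parse import urlsplit, parse_qs

# C2 URL exactly as reported in the extracted config above.
C2_URL = ("https://api.telegram.org/bot5955632087:"
          "AAGbHX-YygFpBeOiEaTfH9CY-2MMNrZcY48/sendMessage?chat_id=865011046")

# Bot API path: /bot<numeric bot id>:<secret>/<method>. Real secrets are 35
# characters; the regex accepts 30+ so a slightly different format still matches.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)$")


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into bot id, full token, method and chat_id.

    Returns None when the URL is not a Bot API call, so callers can use it as
    a filter over arbitrary extracted strings.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(parts.path)
    if not m:
        return None
    qs = parse_qs(parts.query)
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",   # the attacker's credential
        "method": m["method"],
        "chat_id": qs.get("chat_id", [None])[0],
    }


# Looser pattern for scanning free-form log text (no anchors, any position).
TELEGRAM_BOT_RE = re.compile(r"api\.telegram\.org/bot(\d+):([A-Za-z0-9_-]{30,})/(\w+)")


def scan_proxy_log(lines, known_tokens=()):
    """Return one hit per Bot API call seen in the log lines.

    'known' is True when the token matches one from an extracted config, which
    lets a responder tell this campaign's traffic from unrelated bot usage.
    """
    hits = []
    for line in lines:
        for m in TELEGRAM_BOT_RE.finditer(line):
            token = f"{m.group(1)}:{m.group(2)}"
            hits.append({
                "bot_id": m.group(1),
                "method": m.group(3),
                "known": token in known_tokens,
                "line": line,
            })
    return hits


# Constructed proxy log lines for the example; the 1111111111 bot is invented.
SAMPLE_LOG = [
    "10.0.0.5 GET https://www.example.com/index.html 200",
    "10.0.0.5 POST https://api.telegram.org/bot5955632087:"
    "AAGbHX-YygFpBeOiEaTfH9CY-2MMNrZcY48/sendMessage?chat_id=865011046 200",
    "10.0.0.9 POST https://api.telegram.org/bot1111111111:"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendDocument 200",
]


def known_token_hits(lines=SAMPLE_LOG, config_url=C2_URL):
    """Count log lines that use the token from the extracted config."""
    cfg = parse_telegram_c2(config_url)
    return sum(h["known"] for h in scan_proxy_log(lines, {cfg["token"]}))


if __name__ == "__main__":
    print(parse_telegram_c2(C2_URL))
    for hit in scan_proxy_log(SAMPLE_LOG, {parse_telegram_c2(C2_URL)["token"]}):
        print(hit["bot_id"], hit["method"], "known" if hit["known"] else "other")
```

Matching on the host alone is a poor detection because legitimate Telegram clients use the same domain; keying on the `/bot<id>:<secret>/` path plus the extracted token gives a precise indicator for this sample while still surfacing other bot-based exfiltration for review.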

Targets

    • Target

      2.exe

    • Size

      1.4MB

    • MD5

      fa6eefd769490dbd1ba36eb870226603

    • SHA1

      50b600cf1b90502de2489759c214343eb669f899

    • SHA256

      a27073fa1c77f7edd0c4c5eacc53465c141674be1d0f484165f0399b52ee631e

    • SHA512

      28bdb6ad660cdba5d479de7e61ca1245cfcb1c8232d910e198be3df3ae5a6879479482080adb3af0532ff7ae6eda5a99bdb124ab25764bec79c7559ac2ea71d2

    • SSDEEP

      24576:Hb81ccmG2TpGx72n4jduA8iH35maWZc5LU9o740oUH53rlHb4j:HbMcPG2Tgx7Y4jduAtH3Qa1UT0Zxlc

    • DarkCloud

      An information stealer written in Visual Basic.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data such as saved credentials, cookies and autofill entries.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
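The last three signatures describe behaviour rather than a static indicator: a dropped executable is run, and SetThreadContext is called in a way the sandbox considers suspicious. SetThreadContext on another process's thread is the step that redirects execution in process hollowing, and it is rarely seen outside debuggers. The Python below is an added example, not the sandbox's own rule, that flags the classic sequence (child created suspended, memory written into it, its thread context replaced, thread resumed) over an API trace. The trace lines and the pid values are constructed for the example and are not from this sample's run.

```python
import re
from collections import defaultdict

# Constructed API trace (not from the page's sandbox report).
# Format: caller_pid,api,target_pid,extra
TRACE = [
    "1001,CreateProcessW,2002,flags=0x00000004",    # CREATE_SUSPENDED
    "1001,NtUnmapViewOfSection,2002,",
    "1001,WriteProcessMemory,2002,size=0x2a000",
    "1001,SetThreadContext,2002,",
    "1001,ResumeThread,2002,",
    "3003,CreateProcessW,4004,flags=0x00000000",    # normal child launch
    "3003,WriteProcessMemory,4004,size=0x10",
    "5005,SetThreadContext,5005,",                  # own thread: not injection
]

# Ordered stages of the hollowing pattern; other calls may interleave.
STAGES = ("CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread")
CREATE_SUSPENDED = 0x4


def parse_trace(lines):
    """Yield (caller_pid, api, target_pid, extra) tuples from trace lines."""
    for line in lines:
        pid, api, target, extra = line.split(",", 3)
        yield int(pid), api, int(target), extra


def created_suspended(extra):
    """True when the CreateProcess flags in 'extra' include CREATE_SUSPENDED."""
    m = re.search(r"flags=0x([0-9a-fA-F]+)", extra)
    return bool(m) and bool(int(m.group(1), 16) & CREATE_SUSPENDED)


def find_hollowing(lines):
    """Return (parent, child) pairs that completed every stage in order.

    Progress is tracked per (caller, target) pair so that unrelated children
    or calls on the caller's own threads never advance the state machine.
    """
    progress = defaultdict(int)   # (caller, target) -> index of next stage
    hits = []
    for pid, api, target, extra in parse_trace(lines):
        if pid == target:
            continue              # cross-process only
        key = (pid, target)
        if progress[key] >= len(STAGES) or api != STAGES[progress[key]]:
            continue
        if api == "CreateProcessW" and not created_suspended(extra):
            continue              # a normally started child is not hollowed
        progress[key] += 1
        if progress[key] == len(STAGES):
            hits.append(key)
    return hits


if __name__ == "__main__":
    for parent, child in find_hollowing(TRACE):
        print(f"possible process hollowing: pid {parent} -> pid {child}")
```

Requiring the full sequence keeps the rule quiet on legitimate parents that merely start suspended children or write into them; in a real pipeline the same matcher would run over ETW or sandbox API logs rather than the constructed list above.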

MITRE ATT&CK Enterprise v6