General

  • Target

    PI SGC-K230426023.exe

  • Size

    827KB

  • Sample

    230509-cbtresdg96

  • MD5

    6a40ac03685ec1d75e47a390bfe40cf9

  • SHA1

    10b9fc4cbd0ca22be3c5ea865aa0eaa279fb01c4

  • SHA256

    cea471b18f25770dc19304e536ca3926c0fbf161c6f64aa018cd077a8a150a1b

  • SHA512

    8f2e7d8a153714923454e8f2e7c91e79398bdffd0fa75853740daa10bdc99e9ad786564f5d45f63e8b286589d0fc5964ddad8fbf4c6a9ac6cb91f400544e4e48

  • SSDEEP

    12288:ESwETO+ruVMHSNGXi2Jg2q2yGlMOnABf8pwtp90Qfh91BueklL/sjDyZw6oVxj8d:ESxTONVzITgh8QRtj00hMekJzZw6Yj

Score
10/10
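The hashes above are the only reliable way to tie a file found on a mailbox or endpoint to this report, and MD5 or SHA1 alone are not enough since collisions for both are practical. The script below is an added example, not part of the sandbox report: it hashes a file in one pass with all four algorithms and compares the results against the indicators listed here. REPORT_HASHES is copied from the page; the sample bytes used in the demo are constructed stand-ins, not the real binary. SSDEEP is not computed because it needs the third-party ssdeep bindings.

```python
import hashlib
import hmac
import io
import sys
from typing import Dict

# Indicators copied from the report above (hex digests of PI SGC-K230426023.exe).
REPORT_HASHES = {
    "md5": "6a40ac03685ec1d75e47a390bfe40cf9",
    "sha1": "10b9fc4cbd0ca22be3c5ea865aa0eaa279fb01c4",
    "sha256": "cea471b18f25770dc19304e536ca3926c0fbf161c6f64aa018cd077a8a150a1b",
    "sha512": "8f2e7d8a153714923454e8f2e7c91e79398bdffd0fa75853740daa10bdc99e9a"
              "d786564f5d45f63e8b286589d0fc5964ddad8fbf4c6a9ac6cb91f400544e4e48",
}


def digest_stream(stream, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file-like object once, feeding every chunk to all four hashers.

    Chunked reading keeps memory flat for large droppers and produces the
    same digest as hashing the whole buffer at once.
    """
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the demo and tests)."""
    return digest_stream(io.BytesIO(data), chunk_size)


def compare_with_report(digests: Dict[str, str],
                        report: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Compare each computed digest with the report value in constant time."""
    return {name: hmac.compare_digest(digests[name], expected)
            for name, expected in report.items()}


def is_reported_sample(data: bytes) -> bool:
    """True only if the collision-resistant digests (SHA256 and SHA512) match.

    A lone MD5 or SHA1 hit is reported by compare_with_report but is not
    treated as identity: an attacker can craft a different file with the
    same MD5 or SHA1 far more cheaply than with SHA256.
    """
    results = compare_with_report(digest_bytes(data))
    return results["sha256"] and results["sha512"]


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-candidate-file>
    # With no argument, hash a constructed stand-in so the script runs offline.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            computed = digest_stream(fh)
    else:
        computed = digest_bytes(b"MZ constructed stand-in, not the real sample")
    for name, matched in compare_with_report(computed).items():
        print(f"{name:6s} {'MATCH' if matched else 'no match'}  {computed[name]}")
```

Run it against the quarantined file; only a SHA256 and SHA512 match should be taken as confirmation that the report applies to that file.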

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • Target

      PI SGC-K230426023.exe
    • DarkCloud

      An information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the stealer does not run on hosts in certain countries.

    • Suspicious use of SetThreadContext

      Rewrites the register context of a thread, a step commonly seen in process hollowing and thread hijacking, where execution of a suspended or injected thread is redirected into attacker-supplied code.

MITRE ATT&CK Enterprise v6

Tasks