General

  • Target

    PI SGC-K230426023.zip

  • Size

    708KB

  • Sample

    230509-ha681sge2v

  • MD5

    406034d9160fa724d58ad96bf56c03e3

  • SHA1

    5201c304b0f27fecaad124993f1f97e4e5a857b3

  • SHA256

    8055225bdea026516c1033def8288368ad7573c9cdaa418b824292871040d956

  • SHA512

    0f8aad96a1ab6bbe0bb65b01efe5c5a9a2b776ae777e6ee79921e4d484953e4c792bb25d2cbe48b550c4af16235ef03c5a6a52f531db86c3b543e2b8f6cdd90a

  • SSDEEP

    12288:PSGEa//8rMVM5SNGX22Jg2GPjTOUz9zkPXKV5j0Qfh91l39hu9UOqMbwopQa4Zwn:PSxcnVXIfghOEhIXKV5j00hJ39SDJUxi

Score
10/10

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • Target

      PI SGC-K230426023.exe

    • Size

      827KB

    • MD5

      6a40ac03685ec1d75e47a390bfe40cf9

    • SHA1

      10b9fc4cbd0ca22be3c5ea865aa0eaa279fb01c4

    • SHA256

      cea471b18f25770dc19304e536ca3926c0fbf161c6f64aa018cd077a8a150a1b

    • SHA512

      8f2e7d8a153714923454e8f2e7c91e79398bdffd0fa75853740daa10bdc99e9ad786564f5d45f63e8b286589d0fc5964ddad8fbf4c6a9ac6cb91f400544e4e48

    • SSDEEP

      12288:ESwETO+ruVMHSNGXi2Jg2q2yGlMOnABf8pwtp90Qfh91BueklL/sjDyZw6oVxj8d:ESxTONVzITgh8QRtj00hMekJzZw6Yj

    Score
    10/10
    • DarkCloud

      An information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks