General

  • Target: PURCHASE ORDER- REF QTE-2314329.7z
  • Size: 823KB
  • Sample: 230526-nte7jafc42
  • MD5: 5b64ea805cc0624fd7928c6936556573
  • SHA1: 7dd00b40fbe2b7d0316574b03216358c4a06de82
  • SHA256: 039abdc271621646e3a6d347f08b7a23223c9e4772a9059d44e0a9d5d0ee01d4
  • SHA512: 3ddb30372a56256e0b90d1dbd88aa2a82b56e0971e1d97ef90eb5e6ff57be8049b2f08f9e1eaee1eeddf7e4ef1561e6630427f85abc5d6cf4db6515175d22a6f
  • SSDEEP: 12288:Cc44fiz+cteztwC9Jh4bdqSNgjwe+kZj1771y3R7lc1qKdMKHwhb5p5U61pNfa:F4mctUwOgqSNgjwe7ykgyMKkf5UMLC

Score: 10/10

Malware Config

Extracted

Family: darkcloud

Attributes
  • email_from: hotel2@hotelzing.net
  • email_to: newgrow.tech@protonmail.com

Targets

    • Target: purchase order.exe
    • Size: 916KB
    • MD5: 3f626f64cf5f7196bc812ff1814d95f6
    • SHA1: c7dcf05df40dc04d4f9af38ef7a887ffde68abb5
    • SHA256: f6a82d751b2c63e135488686a43c60f35c2cda54a5599f450d4c123043e3c6b2
    • SHA512: ecf5aca2cfc774557f1170d5ba73115a3240831b2b1bf2c7c43b8dd8b2965450efd7c25ed71b0bb0a7e28931ecb5cd614c1cf5c3fc318ca2c891813983856413
    • SSDEEP: 12288:KOCmzZBEP85QaC9JhmbdqSNhjwl+eZj17y1a3RplcyqKdxKHwhj5p5U61aNf:h9BEP83O6qSNhjwtIa2DyxKkf5UMM

    Score: 10/10

    • DarkCloud: an information stealer written in Visual Basic.
    • Uses the VBS compiler for execution
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scripting, T1064 (1)
  • Defense Evasion: Scripting, T1064 (1)
