Overview

overview

10

Static

static

3

Factura 1572023.exe

windows7-x64

10

Factura 1572023.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    105s
  • max time network
    76s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    07/07/2023, 15:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Factura 1572023.exe

  • Size

    892KB

  • MD5

    4f310117d805982c98ab5f72b9d57226

  • SHA1

    9b5893de7d40ec9383440baa7a05afc557e58a1d

  • SHA256

    9c107eb970d14a5cb4e2232970451d0192b13bd87c7b231ac327bbafbacbb729

  • SHA512

    62ca489401a3feb56527d0bec1e79cf98f7228d59af1ab6ac03f3eca8345a49c8c4f8cba0f1fbdfc227bd83cc32fee801e3ef126b777d04f4e28d4b5094e9f57

  • SSDEEP

    24576:igjjk9YVRXPbYCwy7sRm6IvivgnwlLlMxleBpyeTV:HfVRXjxN7sRm6IagwlylCb

Score
10/10
darkcloudstealer

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot604988038:AAHbCIrKg0mPOZkWXVnoaV9KsVWEMxXjp0M/sendMessage?chat_id=2126102657

Signatures

  • DarkCloud

    An information stealer written in Visual Basic.

    stealerdarkcloud
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Factura 1572023.exe
    "C:\Users\Admin\AppData\Local\Temp\Factura 1572023.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Users\Admin\AppData\Local\Temp\Factura 1572023.exe
      "C:\Users\Admin\AppData\Local\Temp\Factura 1572023.exe"
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2012

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2012-64-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2012-65-0x0000000000400000-0x0000000000473000-memory.dmp

          Filesize

          460KB

          Download

        • memory/2012-71-0x0000000000400000-0x0000000000473000-memory.dmp

          Filesize

          460KB

          Download

        • memory/2012-61-0x0000000000400000-0x0000000000473000-memory.dmp

          Filesize

          460KB

          Download

        • memory/2012-67-0x0000000000400000-0x0000000000473000-memory.dmp

          Filesize

          460KB

          Download

        • memory/2012-60-0x0000000000400000-0x0000000000473000-memory.dmp

          Filesize

          460KB

          Download

        • memory/2012-62-0x0000000000400000-0x0000000000473000-memory.dmp

          Filesize

          460KB

          Download

        • memory/2012-70-0x0000000000400000-0x0000000000473000-memory.dmp

          Filesize

          460KB

          Download

        • memory/2820-55-0x0000000004C60000-0x0000000004CA0000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2820-54-0x0000000000F60000-0x0000000001046000-memory.dmp

          Filesize

          920KB

          Download

        • memory/2820-59-0x00000000057A0000-0x0000000005852000-memory.dmp

          Filesize

          712KB

          Download

        • memory/2820-58-0x00000000008B0000-0x00000000008BC000-memory.dmp

          Filesize

          48KB

          Download

        • memory/2820-57-0x0000000004C60000-0x0000000004CA0000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2820-56-0x00000000004E0000-0x00000000004EC000-memory.dmp

          Filesize

          48KB

          Download