Overview

overview

10

Static

static

3

PURCHASE ORDER.exe

windows7-x64

10

PURCHASE ORDER.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PURCHASE ORDER.exe

  • Size

    934KB

  • Sample

    230718-lh2kaaab7w

  • MD5

    687acf4479fbd86277fdf370e9535e85

  • SHA1

    87411fc5d13aef29b17d5a54cadb4dbb0245d78e

  • SHA256

    e1156b2e6b8500afa5e8a45d46a3420a33be357d5af362a224dc39e253fc720f

  • SHA512

    203804252fd845ee662f191e6961869f9aada361d4b1ad4ab493eb616221babbab5a17f58bc1b6f5dd22ef557b3f90cd491006b26730dd1996d7002a0b7320ac

  • SSDEEP

    24576:RN6GEf3tyqvbEtsJElhBstN+YDFt9/FGm72BZcHuE:b6hfgOQtMB/Hl8hZcHuE

Score
10/10
darkcloudstealer

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot6267068129:AAE4AO_gQGAeEakYl26r7KthrUjdWAdy5c0/sendMessage?chat_id=1909112828

Targets

    • Target

      PURCHASE ORDER.exe

    • Size

      934KB

    • MD5

      687acf4479fbd86277fdf370e9535e85

    • SHA1

      87411fc5d13aef29b17d5a54cadb4dbb0245d78e

    • SHA256

      e1156b2e6b8500afa5e8a45d46a3420a33be357d5af362a224dc39e253fc720f

    • SHA512

      203804252fd845ee662f191e6961869f9aada361d4b1ad4ab493eb616221babbab5a17f58bc1b6f5dd22ef557b3f90cd491006b26730dd1996d7002a0b7320ac

    • SSDEEP

      24576:RN6GEf3tyqvbEtsJElhBstN+YDFt9/FGm72BZcHuE:b6hfgOQtMB/Hl8hZcHuE

    Score
    10/10
    darkcloudstealer

    • DarkCloud

      An information stealer written in Visual Basic.

      stealerdarkcloud

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks