General

  • Target

    payment copy.exe

  • Size

    339KB

  • Sample

    230719-n456pseb93

  • MD5

    157b32a3be2d4086e30791c096ac89d3

  • SHA1

    e391ef105902acff54e472bd28f59d3989f10137

  • SHA256

    500546314c612ba53f7c5ba4a2a48fefc627f967d885628887a39b253ca84ea2

  • SHA512

    50fbb3866841524e14b9d5f1a3e030606ef043ea26362cebf98a769ef156f81e2a2f5eba73dc507c2b790a51bff5734cb4cabf067cbc68a62d8a4fb7679119ff

  • SSDEEP

    6144:/Ya6E2BEfPv9jEthOTJHr8a/zcG/YH85Ij3ASl7cdPPUqSt+0Qod7qmByte:/YaAwPv9jEthOTdD/e85ZSydPPAt2odV

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • Target

      payment copy.exe

    • DarkCloud

      An information stealer written in Visual Basic.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX build (section names such as UPX0/UPX1 or the "UPX!" marker in the header region).

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
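
The following is an added triage helper, not part of the sandbox report. It does two things a responder would want when handling this sample: compare a file's MD5/SHA1/SHA256 against the values listed above, and apply the same heuristic the "UPX packed file" signature describes (UPX section names, or the "UPX!" marker in the header region) using a minimal hand-written PE header reader, so no third-party PE library is needed. The `build_fake_pe` helper constructs a throwaway PE image for offline testing; it is not the sample and is marked as constructed in the code.

```python
"""Triage helper for the indicators in the report above (added example).

Checks:
  1. strong-hash match against the report's MD5/SHA1/SHA256
  2. UPX packing heuristic: section names starting with "UPX" or the
     "UPX!" marker stock UPX leaves in the PE header padding
"""
import hashlib
import struct
import sys

# IoCs copied from the report above.
REPORT_HASHES = {
    "md5": "157b32a3be2d4086e30791c096ac89d3",
    "sha1": "e391ef105902acff54e472bd28f59d3989f10137",
    "sha256": "500546314c612ba53f7c5ba4a2a48fefc627f967d885628887a39b253ca84ea2",
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True if any strong hash equals the value listed in the report."""
    h = file_hashes(data)
    return any(h[k] == v for k, v in REPORT_HASHES.items())


def pe_section_names(data: bytes) -> list:
    """Section names from the PE section table, or [] if not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # 20-byte COFF file header
    if coff + 20 > len(data):
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # section table follows optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                 # 40-byte IMAGE_SECTION_HEADER
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic equivalent of the 'UPX packed file' signature."""
    if any(n.startswith("UPX") for n in pe_section_names(data)):
        return True
    return b"UPX!" in data[:0x400]           # marker sits in header padding


def triage(data: bytes) -> dict:
    """Summary a responder can log or assert on."""
    return {
        "hashes": file_hashes(data),
        "matches_report": matches_report(data),
        "sections": pe_section_names(data),
        "upx_packed": looks_upx_packed(data),
    }


def build_fake_pe(section_names, marker: bytes = b"") -> bytes:
    """Constructed minimal PE (headers + section table only) for offline tests.
    This is NOT the sample from the report; it exists only to exercise the parser."""
    opt = b"\x0b\x01" + b"\0" * 222          # PE32 magic, rest zeroed (224 bytes)
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x0102)
    table = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + table + marker


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print(triage(blob))
```

Run it against a quarantined copy with `python triage.py "payment copy.exe"`; with no argument it runs on the constructed image. A hash match confirms the exact sample above; the UPX heuristic alone only says the file is packed with UPX or a close derivative, which is common in benign software too, so treat it as a reason to unpack and inspect, not as a verdict.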

MITRE ATT&CK Enterprise v6

Tasks