General

  • Target: payment copy.zip
  • Size: 324KB
  • Sample: 230719-n914yaeg81
  • MD5: 2beb4f208d4706f75d280ed90db1fddd
  • SHA1: e446e9e9e063d42b742ce3c850c8b760905c0b41
  • SHA256: b5ed694869ce7b707583fbd633e3ae3d1d9e5fb305d2da3204c9e99a1599812e
  • SHA512: f3b59c51813d59aafc2de5b3c8a6b1dcace8981a45146825cb51c7255f14b992bba8aba2573ff5e54f03077f43d7ee4e22c70fe004bafd0ccf46a4ea1d78bd52
  • SSDEEP: 6144:MpU8PLmCMEjPv99EhpOnJHf8a/zuG/+H89IjtASl7mdPPYqSto0mo371mBytU:WPLqSPv99EhpOn19/g89xSodPPktWo3+

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • Target: payment copy.exe
    • Size: 339KB
    • MD5: 157b32a3be2d4086e30791c096ac89d3
    • SHA1: e391ef105902acff54e472bd28f59d3989f10137
    • SHA256: 500546314c612ba53f7c5ba4a2a48fefc627f967d885628887a39b253ca84ea2
    • SHA512: 50fbb3866841524e14b9d5f1a3e030606ef043ea26362cebf98a769ef156f81e2a2f5eba73dc507c2b790a51bff5734cb4cabf067cbc68a62d8a4fb7679119ff
    • SSDEEP: 6144:/Ya6E2BEfPv9jEthOTJHr8a/zcG/YH85Ij3ASl7cdPPUqSt+0Qod7qmByte:/YaAwPv9jEthOTdD/e85ZSydPPAt2odV

    • DarkCloud: an information stealer written in Visual Basic.
    • Loads dropped DLL
    • UPX packed file: detects executables packed with UPX or a modified UPX open-source packer.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks