General

  • Target

    Invoice.exe

  • Size

    925KB

  • Sample

    230719-qp3s5sgc45

  • MD5

    8c3cb6cbee384a1cbff8d1b9a21db88f

  • SHA1

    e8fd0931672e37c9322f8f6b5c63cf04f64aab55

  • SHA256

    df9601c2abefafaf4da2b6b95d6beb6a8f59d62e527cb803879f49e12bc6a798

  • SHA512

    14df62424872ee2bd3c79549a2b7523cc5561575e4e8fd1b825a901b693dd650bfebc436a94afaa6cac512d0d77d5cd523848df4d4e7b93e20d3bd6377b6fe14

  • SSDEEP

    24576:dCfzW/ZbGA4dx8ZJ7R1nSoQ8sY3hq/vcchDj2NkWIl:oa/1GA4dmZJ11nSONA/vwOWI

Score
10/10

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot6286742839:AAEBPY8dNKiSbc20pxOzagMixRMMK1n0Jro/sendMessage?chat_id=6398779288

Targets

    • Target

      Invoice.exe

    • DarkCloud

      An information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks