General

  • Target

    DBNote - CRNote _ DRAFT MBL HBL KGNSA2212999 ETD SHIPPING DOCS.exe

  • Size

    343KB

  • Sample

    230720-l18rbafg9v

  • MD5

    0ebcaa089dd5f0c9ee4c628badfd8f7b

  • SHA1

    9c675efec7954a6780004294084f78b2a06675ee

  • SHA256

    c8bbb6208a9ca69f2baebf0b426af881e58cca8f3fb2b76359a459b6b3df2e83

  • SHA512

    40fc2eab3d786742731adaff0f92bd3408f62aeeadac0d7cb5e3046ee683a9d407ae2f8e8a54de141b7a2208a33d645bd3e8725a4155e99f50ce75dbbb8e34f4

  • SSDEEP

    6144:/Ya6AWuGwNYK0GTMKh6+KZvZu7sb08ZDONDTbxzhp7d2fdxCmEQnKVYhXaa1wrbr:/YmI3NKo+uvZjb08Nsrxz52fdEmEQnDq

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • Target

      DBNote - CRNote _ DRAFT MBL HBL KGNSA2212999 ETD SHIPPING DOCS.exe

    • DarkCloud

      An information stealer written in Visual Basic.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks