General

  • Target

    PI YW-201123.exe

  • Size

    338KB

  • Sample

    230720-mkyf3sgc2y

  • MD5

    27de92ea28f11ed9a1b327f6df81deab

  • SHA1

    5e4bd89351040e293aa47a65c83c4705a92ed0fb

  • SHA256

    d46f7e127f48d7fc3d018fd53e2c7d473c6c54d1f3e2cabec145becbd247a717

  • SHA512

    e1e08d7a03a410b785f9d699b3aad97620f397c2898e0447482c731fd24e29fdf756ccf178a918782e12ef7f70263a565659c29a35e32bbbbfd78b4b4f5f7328

  • SSDEEP

    6144:PYa6usXhrARAhY41lUkwS5mr4Qy9LKjVdluSBXgStypbqK1AonEBDOES0VYOu:PY4q4AhYmUkbQyJKjfl/mOqAjKOu

Malware Config

Extracted

  • Family

    darkcloud

  • Attributes

Targets

    • Target

      PI YW-201123.exe

    • DarkCloud

      An information stealer written in Visual Basic.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6