General

  • Target: PI YW-201123.zip
  • Size: 323KB
  • Sample: 230720-ndpq2agf8v
  • MD5: 2fcca15c1395bb3ff8f85df226fa1e64
  • SHA1: 7a8e817d7d14900c70f9c67266d80b7cb2d97931
  • SHA256: 6d9352c69f57555cb6d8a4c038bf6d37259136618429c9432c13516701e27274
  • SHA512: 79bb096d07f6ec5923f7c92d19180d6363e07538c85328932a25b0c8120a136cbf4dc72e83f152d0d7e104e7ea431f0a8b9521ff6b40fdaf5f4222973f3b6d89
  • SSDEEP: 6144:gpU8PLHReXARAPY41jUiwI5mPqQy3LKjVdTuSBD0StUpbqa1Aov0BBOSS0VxOP:qPLxe+APY+UiBQybKjfT/+OIqPPOP

Malware Config

Extracted

  • Family: darkcloud
  • Attributes: (none listed)

Targets

    • Target: PI YW-201123.exe
    • Size: 338KB
    • MD5: 27de92ea28f11ed9a1b327f6df81deab
    • SHA1: 5e4bd89351040e293aa47a65c83c4705a92ed0fb
    • SHA256: d46f7e127f48d7fc3d018fd53e2c7d473c6c54d1f3e2cabec145becbd247a717
    • SHA512: e1e08d7a03a410b785f9d699b3aad97620f397c2898e0447482c731fd24e29fdf756ccf178a918782e12ef7f70263a565659c29a35e32bbbbfd78b4b4f5f7328
    • SSDEEP: 6144:PYa6usXhrARAhY41lUkwS5mr4Qy9LKjVdluSBXgStypbqK1AonEBDOES0VYOu:PY4q4AhYmUkbQyJKjfl/mOqAjKOu

    • DarkCloud: an information stealer written in Visual Basic.
    • Loads dropped DLL
    • UPX packed file: detects executables packed with the UPX or a modified UPX open-source packer.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks