General

  • Target

    SecuriteInfo.com.Gen.Variant.Fragtor.325313.9099.20664.exe

  • Size

    336KB

  • Sample

    230721-bv8t1scb7s

  • MD5

    66cc22ed167cdaef60b10efd54949ff6

  • SHA1

    bbe7a39f01333346c8e3bcfbf73e4c484a3bc2cd

  • SHA256

    78fbd42e5b8ac36090e1765cb86e573a4d8f2c3e1b6339c3e081343e74967943

  • SHA512

    57c4c110a59c104af9ddee66d75a62330d985d83d604f3131920449265a9e2f2b5aa36f34da1b8fb86fe3875c254e27bfb87f51f32bc699ec465db4d1786640e

  • SSDEEP

    6144:/Ya6D86Y0vp4i0viRcFiU+0/WHT22FtdJ9KGTV:/YpThvOi0OcFiUdeHa27dXV

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • Target

      SecuriteInfo.com.Gen.Variant.Fragtor.325313.9099.20664.exe

    • Size

      336KB

    • MD5

      66cc22ed167cdaef60b10efd54949ff6

    • SHA1

      bbe7a39f01333346c8e3bcfbf73e4c484a3bc2cd

    • SHA256

      78fbd42e5b8ac36090e1765cb86e573a4d8f2c3e1b6339c3e081343e74967943

    • SHA512

      57c4c110a59c104af9ddee66d75a62330d985d83d604f3131920449265a9e2f2b5aa36f34da1b8fb86fe3875c254e27bfb87f51f32bc699ec465db4d1786640e

    • SSDEEP

      6144:/Ya6D86Y0vp4i0viRcFiU+0/WHT22FtdJ9KGTV:/YpThvOi0OcFiUdeHa27dXV

    • DarkCloud

      An information stealer written in Visual Basic.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build (renamed sections, patched stub).

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
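The "UPX packed file" signature above is a static check on the PE section table. The following is an added example (not the sandbox's own rule and not derived from this sample) showing what such a check looks at: it parses the section headers with a minimal PE reader, flags UPX0/UPX1 section names, and also flags the layout UPX leaves behind even when a modified build has renamed its sections (a first section with no data on disk but a large virtual size). The three PE images are constructed inline as headers-only blobs for the demonstration; `build_pe`, `parse_sections` and `upx_indicators` are names chosen here, not library functions.

```python
"""Static check behind the 'UPX packed file' signature: parse the PE section
table and report UPX indicators. Added example, not the sandbox's own rule."""
import struct


def build_pe(sections):
    """Build a constructed, headers-only PE image for testing (not a runnable
    executable). sections: (name, virtual_size, virtual_addr, raw_size, raw_ptr, chars)."""
    e_lfanew = 0x40                                   # PE header right after the 64-byte DOS header
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)
    size_opt = 0xE0                                   # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * (size_opt - 2)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\x00"),
                    vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, chars)
        for name, vsize, vaddr, rawsize, rawptr, chars in sections)
    return dos + b"PE\x00\x00" + coff + opt + table


def parse_sections(data):
    """Return the section headers as dicts; raises ValueError on a non-PE blob."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", data, coff + 2)[0]        # NumberOfSections
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]   # SizeOfOptionalHeader
    off = coff + 20 + size_opt                                # start of the section table
    secs = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off + i * 40)
        secs.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"),
                     "virtual_size": vsize, "virtual_addr": vaddr,
                     "raw_size": rawsize, "raw_ptr": rawptr})
    return secs


def upx_indicators(data):
    """Return human-readable reasons the image looks UPX-packed (empty list if none)."""
    secs = parse_sections(data)
    hits = []
    named = [s["name"] for s in secs if s["name"].upper().startswith("UPX")]
    if named:
        hits.append("UPX section names: " + ", ".join(named))
    # UPX leaves the first section (the unpack destination) with no data on disk
    # but a large virtual size; a modified UPX that renames sections keeps this
    # layout. It is only a heuristic: a bss-only first section also matches.
    if secs and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0:
        hits.append("first section %r is empty on disk but %#x bytes in memory"
                    % (secs[0]["name"], secs[0]["virtual_size"]))
    return hits


# Constructed images (assumed layouts, not taken from the sample): stock UPX,
# a renamed-section "modified UPX", and an ordinary compiler layout.
UPX_IMAGE = build_pe([("UPX0", 0x20000, 0x1000, 0, 0x400, 0xE0000080),
                      ("UPX1", 0x8000, 0x21000, 0x7E00, 0x400, 0xE0000040),
                      (".rsrc", 0x1000, 0x29000, 0x400, 0x8200, 0xC0000040)])
MODIFIED_UPX_IMAGE = build_pe([(".text", 0x20000, 0x1000, 0, 0x400, 0xE0000080),
                               (".data", 0x8000, 0x21000, 0x7E00, 0x400, 0xE0000040)])
PLAIN_IMAGE = build_pe([(".text", 0x5000, 0x1000, 0x5000, 0x400, 0x60000020),
                        (".data", 0x1000, 0x6000, 0x200, 0x5400, 0xC0000040)])

if __name__ == "__main__":
    for label, img in (("upx", UPX_IMAGE), ("modified", MODIFIED_UPX_IMAGE), ("plain", PLAIN_IMAGE)):
        print(label, upx_indicators(img) or "no UPX indicators")
```

On a real file, read it into `data` and call `upx_indicators(data)`; a name match is strong evidence, the layout match alone is a hint that should be confirmed by the stub code or by `upx -d` (which fails on modified builds, another hint in itself).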
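Two of the behavioural signatures above, "Adds Run key to start application" and "Suspicious use of SetThreadContext", are the kind of rule a sandbox evaluates over the API trace of the run. The example below is added here to show that logic and is not the sandbox's own implementation. It runs over a constructed, sandbox-style API trace (the field names `pid`, `api`, `args`, `child_pid`, `target_pid` are an assumed schema, and the paths and value names are made up, not from this report): it flags writes under Run/RunOnce, and it flags SetThreadContext only when it sits in the ordered chain CreateProcess(CREATE_SUSPENDED), write into the child, SetThreadContext, ResumeThread, since SetThreadContext on its own is normal for debuggers and some runtimes.

```python
"""Detection logic for two behaviours reported above, over a constructed
sandbox-style API trace. Added example, not the sandbox's own rules."""

CREATE_SUSPENDED = 0x00000004
RUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")
PROC_CREATE = {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}
REMOTE_WRITE = {"WriteProcessMemory", "NtWriteVirtualMemory",
                "NtMapViewOfSection", "NtUnmapViewOfSection"}
SET_CONTEXT = {"SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"}
RESUME = {"ResumeThread", "NtResumeThread"}


def detect_run_keys(trace):
    """(pid, key, value name, data) for every write under a Run/RunOnce key."""
    hits = []
    for ev in trace:
        if ev["api"] in ("RegSetValueExA", "RegSetValueExW"):
            key = ev["args"].get("key", "")
            if any(tail in key.lower() for tail in RUN_KEYS):
                hits.append((ev["pid"], key, ev["args"].get("value_name"), ev["args"].get("data")))
    return hits


def detect_hollowing(trace):
    """(parent pid, child pid) for each child created suspended, written to,
    given a new thread context and then resumed, in that order."""
    stage = {}    # child pid -> 1 suspended, 2 written, 3 context set
    parent = {}
    hits = []
    for ev in trace:
        api, args = ev["api"], ev["args"]
        if api in PROC_CREATE and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            stage[ev["child_pid"]] = 1
            parent[ev["child_pid"]] = ev["pid"]
            continue
        tgt = args.get("target_pid")
        if tgt not in stage:          # calls against untracked processes are ignored
            continue
        if api in REMOTE_WRITE and stage[tgt] == 1:
            stage[tgt] = 2
        elif api in SET_CONTEXT and stage[tgt] == 2:
            stage[tgt] = 3
        elif api in RESUME and stage[tgt] == 3:
            hits.append((parent[tgt], tgt))
            del stage[tgt]
    return hits


# Constructed trace (assumed schema, made-up paths), in the order a sandbox would log it.
TRACE = [
    {"pid": 1000, "api": "CreateProcessW", "child_pid": 2000,
     "args": {"lpApplicationName": "C:\\Users\\user\\AppData\\Local\\Temp\\payload.exe",
              "dwCreationFlags": 0x4}},
    {"pid": 1000, "api": "NtUnmapViewOfSection", "args": {"target_pid": 2000}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 2000, "size": 0x3A000}},
    {"pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 2000}},
    {"pid": 1000, "api": "ResumeThread", "args": {"target_pid": 2000}},
    {"pid": 1000, "api": "RegSetValueExW",
     "args": {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
              "value_name": "payload",
              "data": "C:\\Users\\user\\AppData\\Local\\Temp\\payload.exe"}},
    # benign noise: an ordinary (non-suspended) child and an unrelated registry write
    {"pid": 1000, "api": "CreateProcessW", "child_pid": 2001,
     "args": {"lpApplicationName": "C:\\Windows\\System32\\cmd.exe", "dwCreationFlags": 0x0}},
    {"pid": 1000, "api": "RegSetValueExW",
     "args": {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
              "value_name": "Hidden", "data": 1}},
]

if __name__ == "__main__":
    print("run keys:", detect_run_keys(TRACE))
    print("hollowing chains:", detect_hollowing(TRACE))
```

The stage counter is what keeps the second rule quiet on a debugger: a process that calls SetThreadContext on a thread it did not create suspended and write to never reaches stage 3, so ResumeThread produces no hit.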

MITRE ATT&CK Enterprise v15
