General

  • Target

    ICICICICICICICICICICICICICICICIC################ICICICICICICICI.doc

  • Size

    27KB

  • Sample

    230721-bzl6tabf24

  • MD5

    2618bf01246591cfbe0b0a082c478fa7

  • SHA1

    2d08b0e73cce16620348b634846d2a58856a863a

  • SHA256

    97ebc905cac3e1926e2246a6b194a9a513a0dec07d82ac9be5d7368582f548d3

  • SHA512

    a1244fc66e98f9dfa52dd51d12bc4f4ec5f2af3059150f4da72e43a491d20f1fde730617484139f6a14595e5d5a59faee842eeb496e29177de4f42e83d0b78b8

  • SSDEEP

    768:G18Oq1zikbgUeiinwKNX63xaSHE7eb139U6158kFulWDc1WWLek:68OYJUBiinwKNX6c0txikFK1WWSk

Score
10/10

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
