General

  • Target

    PRE ALERT DOCUMENTS.exe

  • Size

    905KB

  • Sample

    230721-g6mc2scc77

  • MD5

    c1128956f3a5d97d01eb3a9a63fce28e

  • SHA1

    24472f38948b2bc2e7fcce07d3ba6f68a78b06d1

  • SHA256

    83c649919324adc6fddf8db7fbfb4750b8d990e0d1a25edda7b4f0cdcd044d05

  • SHA512

    55576b2afe96c9948b6503f46377b682714b818a97f02407b7a46a6212320f794b50d812eac1c35245fff966b790857a399a5835fc173c76882a2526f7cd3296

  • SSDEEP

    12288:lMS6ln+flo/XciMvDlFonmnE3eNOLyS/H/g1EpBDi34fp2GYfpdS0/WliOVAy/Mn:lFTdCjEsKieONco6cYvS0/9OVAy/L

Score
10/10

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks