General

  • Target

    aba88143cd94bee22ac746f3ffa282c7.bin

  • Size

    893KB

  • Sample

    230726-b53qrahc8y

  • MD5

    51710784881185f4a8af6d72e3bc6a81

  • SHA1

    2a64baf84b254566f7a5ffa75c9237eb6190d630

  • SHA256

    c89e829f1f41285acf3cb9cfdb511be580c6b5ecb81c01cc16dca62529700aec

  • SHA512

    c7938e2d4fd9b8cea07c6376598fec77bea53df727c084cc640f094ac7d24d7f46ed750887c0b36633fc239862b8469c12da9c749e150abe03605f62ce1f1532

  • SSDEEP

    24576:TZymlA2796lOyAm8nFFNYpyDQJECUpsNXjf5Y1M:TZyGpoGtFuhJECUpEv

Score
10/10

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot6201772437:AAE8z2HCV4dlViF8O7_bVozdyvuR6EkBCPA/sendMessage?chat_id=1909112828

Targets

    • Target

      b486b79e598d35b293908f445bd1c571d0a7439e548928f19c21a0d70cfcf330.exe

    • Size

      973KB

    • MD5

      aba88143cd94bee22ac746f3ffa282c7

    • SHA1

      378ddf1acf1f60f0601672b9ae4a14a1a0166e7a

    • SHA256

      b486b79e598d35b293908f445bd1c571d0a7439e548928f19c21a0d70cfcf330

    • SHA512

      521f8907e8d65a758b599a208790fd8d2ea8706bd7ef5ba55cffb6fad1fb0a7737e95c1c174948a569af35dddf51065ed09b9913969cbf6bb8189229c613536c

    • SSDEEP

      12288:QOvJRBusyx5tOIIRwaaLGBlN6mfc7of3hdwP/cQi3pDvi4OWbDlX9hle4dDMG3GQ:TFud+KaaLaNc7c3v8ultBeuZB9

    Score
    10/10
    • DarkCloud

      An information stealer written in Visual Basic.

    • Suspicious use of SetThreadContext
