General

  • Target

    Product-List.docx.doc

  • Size

    35KB

  • Sample

    230726-fn6hjahc48

  • MD5

    1882861692ac02f14f37709ffabccfb4

  • SHA1

    89ee2733e76117003ccbebe4d67a5665e93889d6

  • SHA256

    17cc77dc779d4556755a6ca45a26565eb7c3efbeff7d973b9aeb9d167ebfe27f

  • SHA512

    3f57f7b07b4b0580985194f2cb00e832558eacfde13abcabadc03b705b481b54d0b3fbb3af9880a1041dae50c067876bb551fba71508b7ea08d93517ae1c873e

  • SSDEEP

    768:7IIS5f4ZyQlF4ADtIgglgUSDr4O685fiAB7368R04p53fiA74O61fiACW4O6Hvnf:7TY020tIRWr4gK6d04LKe4vKxW4tf

Score
10/10

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • Target

      Product-List.docx.doc

    • Size

      35KB

    • MD5

      1882861692ac02f14f37709ffabccfb4

    • SHA1

      89ee2733e76117003ccbebe4d67a5665e93889d6

    • SHA256

      17cc77dc779d4556755a6ca45a26565eb7c3efbeff7d973b9aeb9d167ebfe27f

    • SHA512

      3f57f7b07b4b0580985194f2cb00e832558eacfde13abcabadc03b705b481b54d0b3fbb3af9880a1041dae50c067876bb551fba71508b7ea08d93517ae1c873e

    • SSDEEP

      768:7IIS5f4ZyQlF4ADtIgglgUSDr4O685fiAB7368R04p53fiA74O61fiACW4O6Hvnf:7TY020tIRWr4gK6d04LKe4vKxW4tf

    Score
    10/10
    • DarkCloud

      An information stealer written in Visual Basic.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Abuses OpenXML format to download file from external location

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks