General

  • Target

    88e5b0195785890d324ec49f11d0fcfd1f33c0b61d364825e6bb04831abc7fbf

  • Size

    889KB

  • Sample

    230726-h1s43saf4w

  • MD5

    e9a32c39471da0a007579b86dfd4ce38

  • SHA1

    6a5bafaf92e61712334b568d56896eb2613666c7

  • SHA256

    88e5b0195785890d324ec49f11d0fcfd1f33c0b61d364825e6bb04831abc7fbf

  • SHA512

    7d7c4a7a868ec7372c8eae80abac5e690cc861024c22beffce80fb6d35030dbba8559d33364cbd09b71c732794990035f79da668b6ad35e90b8912549e9212d7

  • SSDEEP

    24576:7f1xUL3sZxy6bpyVnJatGLtBxqg6IOBc8/M/:TT2f6NyVnJatGLHogXO28k/

Score
10/10

Malware Config

Extracted

Family

darkcloud

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Suspicious use of SetThreadContext
