General

  • Target

    PI-Yongkang Zhongheng.exe

  • Size

    851KB

  • Sample

    230726-lkvvhsbc3s

  • MD5

    8d941856eda9ed2762940348ac7cde1e

  • SHA1

    7a333af072204d26768e8facadad276a1e6bf40f

  • SHA256

    cc73f108b12aeba27a3b77b3c8a8e0df2889659ec79c71fae944fa04d2870b0d

  • SHA512

    9078d2781d18f8f10b9d5ac9198e8274ff4aa9b3e4f29661f664bef9be7404bd398a87dfcd038fb017de124af15d40236c0705d66f99344c5935dfd0597575d4

  • SSDEEP

    12288:lJmefaynhcB5DZ4EslUTKFoGy3Qd3xEpwjHGZpxBxORkWMnK+/ATZn/6:KeCQcB5l12KGy3wOpwjHU7BxOCn3Y

Score
10/10

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot6474909072:AAE35t_kjfFFVCPF7xcGUBipQxF6QCUotU/sendMessage?chat_id=1184359262
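
The extracted C2 is not a server the attacker controls but a Telegram Bot API endpoint: the path carries the bot token (`<bot id>:<secret>`) and the query carries the destination `chat_id`, so the stolen data goes straight to a Telegram chat over TLS to a legitimate host. The following added example (not part of the sandbox output or of the malware) parses such a URL into its components, redacts the token so the IOC can be shared without handing out control of the bot, and hunts for any Bot API traffic in proxy logs, tagging the exact bot/chat pair from this report. The log lines are constructed for illustration and the log layout is assumed.

```python
"""Parse a Telegram Bot API C2 URL and hunt for Bot API exfiltration in proxy logs.

Added example for this report; not sandbox code and not code from the sample.
The proxy log lines and their layout are constructed for illustration.
"""
import re
from urllib.parse import urlsplit, parse_qs

# C2 URL taken from the report's extracted config.
C2_URL = ("https://api.telegram.org/bot6474909072:AAE35t_kjfFFVCPF7xcGUBipQxF6QCUotU"
          "/sendMessage?chat_id=1184359262")

# Bot API paths look like /bot<numeric bot id>:<secret>/<method>
TOKEN_RE = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]+)/(\w+)$")


def parse_telegram_c2(url):
    """Return (bot_id, token_secret, api_method, chat_id), or None if not a Bot API URL."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = TOKEN_RE.match(parts.path)
    if not m:
        return None
    bot_id, secret, method = m.groups()
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return bot_id, secret, method, chat_id


def redact_token(url):
    """Mask the token secret; the bot id and chat id stay usable as indicators."""
    return re.sub(r"(/bot\d+:)[A-Za-z0-9_-]+", r"\1<REDACTED>", url)


KNOWN_C2 = parse_telegram_c2(C2_URL)

# Constructed proxy log: "<time> <client_ip> <method> <url> <status>" (assumed layout).
SAMPLE_LOG = """\
2023-07-26T09:14:02Z 10.0.5.23 GET https://www.bing.com/search?q=news 200
2023-07-26T09:14:07Z 10.0.5.23 POST https://api.telegram.org/bot6474909072:AAE35t_kjfFFVCPF7xcGUBipQxF6QCUotU/sendMessage?chat_id=1184359262 200
2023-07-26T09:15:40Z 10.0.7.8 POST https://api.telegram.org/bot1111111111:AAHaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/sendDocument?chat_id=555 200
2023-07-26T09:16:01Z 10.0.5.23 GET https://api.telegram.org/ 200
"""


def hunt(log_text):
    """Flag every Bot API request; mark the ones matching this report's bot id and chat id."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        ts, src, _http_method, url = fields[:4]
        parsed = parse_telegram_c2(url)
        if parsed is None:
            continue
        bot_id, _secret, api_method, chat_id = parsed
        hits.append({
            "time": ts,
            "src": src,
            "bot_id": bot_id,
            "method": api_method,
            "chat_id": chat_id,
            # Tokens get rotated; bot id plus chat id is the more stable pair to pivot on.
            "known_darkcloud_c2": (bot_id, chat_id) == (KNOWN_C2[0], KNOWN_C2[3]),
            "url": redact_token(url),
        })
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

Because the destination host is legitimate, blocking `api.telegram.org` outright is usually not an option; the useful detection is any client that is not an approved Telegram user issuing `/bot…/sendMessage` or `/sendDocument` requests, with the bot id and chat id from this report as a high-confidence match.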

Targets

    • Target

      PI-Yongkang Zhongheng.exe

    • DarkCloud

      An information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before running the payload.

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another process is the step in process hollowing and similar injection techniques that redirects a suspended thread to injected code.
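
The following added example (not sandbox code and not code from the sample) shows why a lone `SetThreadContext` is weak evidence but becomes strong when seen against another process in the textbook hollowing order: create suspended, write memory, set context, resume. It runs the heuristic over a constructed API trace; the trace format is assumed, and real API monitors or ETW providers use their own field names.

```python
"""Heuristic for the 'Suspicious use of SetThreadContext' indicator.

Added example for this report; not sandbox code and not code from the sample.
The API trace below is constructed; the chain it detects is the generic
process-hollowing sequence, not a claim about what this sample does.
"""
from collections import defaultdict

# Constructed trace: "<caller_pid> <api> <target_pid> [<detail>]" (assumed layout).
SAMPLE_TRACE = """\
4120 CreateProcessW 5000 flags=0x00000004
4120 NtUnmapViewOfSection 5000 base=0x400000
4120 VirtualAllocEx 5000 size=0xC000
4120 WriteProcessMemory 5000 addr=0x400000
4120 GetThreadContext 5000 tid=5004
4120 SetThreadContext 5000 tid=5004
4120 ResumeThread 5000 tid=5004
6200 GetThreadContext 6200 tid=6208
6200 SetThreadContext 6200 tid=6208
7300 CreateProcessW 7310 flags=0x00000000
7300 WaitForSingleObject 7310 handle=0x1c
"""

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for CreateProcess
# The three calls that must appear in this order for a hollowing verdict.
HOLLOWING_STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse_trace(text):
    """Turn trace lines into (caller_pid, api, target_pid, detail) tuples."""
    events = []
    for line in text.splitlines():
        fields = line.split(maxsplit=3)
        if len(fields) < 3:
            continue
        caller, api, target = int(fields[0]), fields[1], int(fields[2])
        detail = fields[3] if len(fields) == 4 else ""
        events.append((caller, api, target, detail))
    return events


def _created_suspended(calls):
    """True if a CreateProcessW in this caller/target pair carried CREATE_SUSPENDED."""
    for api, detail in calls:
        if api == "CreateProcessW" and "flags=" in detail:
            flags = int(detail.split("flags=")[1].split()[0], 16)
            if flags & CREATE_SUSPENDED:
                return True
    return False


def find_hollowing(events):
    """Return one verdict per caller->target pair that rewrites a remote thread's
    context after writing into the target and then resumes it."""
    by_pair = defaultdict(list)
    for caller, api, target, detail in events:
        # Only cross-process activity; a process setting its own thread context
        # (exception handling, debuggers, some runtimes) is common and benign.
        if caller != target:
            by_pair[(caller, target)].append((api, detail))

    verdicts = []
    for (caller, target), calls in by_pair.items():
        apis = [api for api, _ in calls]
        try:
            positions = [apis.index(step) for step in HOLLOWING_STEPS]
        except ValueError:
            continue  # one of the three steps never happened for this pair
        if positions != sorted(positions):
            continue  # right calls, wrong order
        verdicts.append({
            "caller": caller,
            "target": target,
            "created_suspended": _created_suspended(calls),
            "unmapped_original": "NtUnmapViewOfSection" in apis,
        })
    return verdicts


if __name__ == "__main__":
    for verdict in find_hollowing(parse_trace(SAMPLE_TRACE)):
        print(verdict)
```

In the constructed trace only the 4120 -> 5000 pair is flagged: 6200 sets its own thread's context and is ignored, and 7300 spawns a child normally and never touches its memory or thread context.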
