General

  • Target: NA_1011a1f84416383bfa9241516_JC.exe
  • Size: 323KB
  • Sample: 230726-p6qz8sbd97
  • MD5: abfb9a130697d72c080b9611d6ea9353
  • SHA1: 55eb6679cc759ec4c56e2049a63873a261f1ee99
  • SHA256: 1011a1f84416383bfa9241516964b0d06ef81709b95677334fc65ff7b0323cf5
  • SHA512: db7550e0a1972bcc22cdba54be2601e86e02c718d32fbe045a8d667fb8e5b802aba6753c12e8a0c6f0d875f9e93374d091b5ab588ebd2803cc6b7ec11368a457
  • SSDEEP: 6144:/Ya6CHF1HCJfL7UrQlxEXTdCte4+Tt3/mENe2VkHMOJ:/YEl1Hkj7U8XEJCteJx3e4iHMS

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • Target: NA_1011a1f84416383bfa9241516_JC.exe
    • Size: 323KB
    • MD5: abfb9a130697d72c080b9611d6ea9353
    • SHA1: 55eb6679cc759ec4c56e2049a63873a261f1ee99
    • SHA256: 1011a1f84416383bfa9241516964b0d06ef81709b95677334fc65ff7b0323cf5
    • SHA512: db7550e0a1972bcc22cdba54be2601e86e02c718d32fbe045a8d667fb8e5b802aba6753c12e8a0c6f0d875f9e93374d091b5ab588ebd2803cc6b7ec11368a457
    • SSDEEP: 6144:/Ya6CHF1HCJfL7UrQlxEXTdCte4+Tt3/mENe2VkHMOJ:/YEl1Hkj7U8XEJCteJx3e4iHMS

    • DarkCloud: an information stealer written in Visual Basic.
    • Loads dropped DLL
    • UPX packed file: detects executables packed with the UPX or a modified UPX open-source packer.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks