General

  • Target

    documents.exe

  • Size

    911KB

  • Sample

    240122-xvxmmsdac8

  • MD5

    9530a4b5c2772de4edb6005f057c0405

  • SHA1

    f544295bc15e8c1f69e9c2939acc88decfe404c8

  • SHA256

    6e94f38fee814023e77c4f2f3f718fd0bdf456974fb7742c03ee17dd2054050c

  • SHA512

    62d66a9cdaa81a4e651711dfa27de2dd0269a3200da8f62dd91a479bc925198caa9b4090cdf2e509832b9d226f1d33b28f5f66f6a30c7f0ad39f8f0e3f5f56ed

  • SSDEEP

    12288:8SGnBbC8IABQRIVa8Tt5g0IhUSIw28Ph0S0NrlhjT2E6JbkpjPJaGbrKHaYl18/d:NEC+BVTUZX2HjTz6pmddYl10

Score
10/10

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks