General

  • Target

    ABP Overdue.exe

  • Size

    918KB

  • Sample

    240123-cy92xsfacp

  • MD5

    dc8adcc624f9599d45e5e3b63411e4c7

  • SHA1

    65f0b0f038f3969d5080ec79ce559093b217c467

  • SHA256

    2c2ca8d1a75eef32da01814983a7a3dbddff14915ae96346af68dc29c65db7ea

  • SHA512

    51443b901a0abd5a74d69e22ec66367604a3b4005256efe3c96c843e5873ec158cec4dcc647508ca682975434514cf88977f170b6586bc31ae69b360919ce41e

  • SSDEEP

    12288:mlUgySozdUd283S5qgkFCxjI4s+gGL+i7vJ0TG/r7jam+VM/NwNVJdPFZdVBo6U1:8mFudCDkFCx84OG9Brj7emT/NCVJdz

Score
10/10

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
