General

  • Target

    LEIDA IMPEX SRL TRADING CO.pdf.exe

  • Size

    841KB

  • Sample

    240124-l83v2affgj

  • MD5

    794249309b980400d270115d32649018

  • SHA1

    fd135525f55f30d5797332b55831bd2e598ffaa0

  • SHA256

    fa4c8c4fd3ad0008d15bcd71e575130151f5f211f7b1fd3e4c934e68f9ec5ad7

  • SHA512

    30048477b75d1921b4afe7d436f93e44b4f3b46590240bac36e4784ad3d67d74dbcca1807c4ef930dddf2e284a7706f0163cae531ab718d107a7acfc5cf91eeb

  • SSDEEP

    24576:Gjru8aqNT6YIXuoukhwAnuS56olIxpMp:GjrujGW5nearNl5

Score
10/10

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks