General

  • Target

    LEIDA IMPEX SRL TRADING CO. INQUIRY.jar

  • Size

    1.8MB

  • Sample

    240124-lwmchsfdbp

  • MD5

    c43c2a5d2bab9cd217e91c14d302c835

  • SHA1

    943495ff135a870fe8d0a9886593b7610f0a4a05

  • SHA256

    44fbccda88d6e6050b012ee0d4d32c20a832f6ffe1d90158f4b0a3d42578ae18

  • SHA512

    b8673280a0e468b9921df960216ea0123b4e75a7e325072d26ac214528d51964b32ba604e1d97ca6676cbd4ef3645452958a15b0a0b3ad70704bff532b3d0c7d

  • SSDEEP

    24576:qgeLSt2iaVQY0Vdn/Q55O6tIPHvNP1D1KZm6LSt2iaVQY0Vdn/Q55O6tIPHvNP1j:UfVQfoCNPN0ZmofVQfoCNPN0Zml

Malware Config

Extracted

  • Family

    darkcloud

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks