General

  • Target

    file.exe

  • Size

    916KB

  • Sample

    240131-m9qgrscfbr

  • MD5

    07ecf716a8c177510d8bbb67c9023589

  • SHA1

    ff8623958dbacdbd2d370e34b91d55823906b0e1

  • SHA256

    22b5dce4881004cd5491a450ccd459dc4790f28e8dfd9765e040b51003cccab8

  • SHA512

    f757576f63cece311e391b458a5d953d825a66437dcc2cf98e5f2249e89463268c363dd7facfd316827117de6d61cc8a1c5d732f6b6c9c47ab82c986920018d2

  • SSDEEP

    12288:pjgO9SCF1OevUUGQv0R4jesqzAOzS7EPoHWj9cy1eMX9ECcCVu5brNKtqFJ/hkaC:xgO9ZzvzKLAkDA2xcyB9uJGG/hWuzw

Score
10/10

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • Target

      file.exe

    • Size

      916KB

    • MD5

      07ecf716a8c177510d8bbb67c9023589

    • SHA1

      ff8623958dbacdbd2d370e34b91d55823906b0e1

    • SHA256

      22b5dce4881004cd5491a450ccd459dc4790f28e8dfd9765e040b51003cccab8

    • SHA512

      f757576f63cece311e391b458a5d953d825a66437dcc2cf98e5f2249e89463268c363dd7facfd316827117de6d61cc8a1c5d732f6b6c9c47ab82c986920018d2

    • SSDEEP

      12288:pjgO9SCF1OevUUGQv0R4jesqzAOzS7EPoHWj9cy1eMX9ECcCVu5brNKtqFJ/hkaC:xgO9ZzvzKLAkDA2xcyB9uJGG/hWuzw

    Score
    10/10
    • DarkCloud

      An information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks