General

  • Target

    payment receipts.exe

  • Size

    986KB

  • Sample

    240131-sflvdageej

  • MD5

    cdcfa8aab8a4766ddb88df4635104d83

  • SHA1

    7ad43cc7224f694995e53325a581e659eabe2e16

  • SHA256

    0414ef0adb12bfe054d85f9196cee419bee6a7692187d83239bd5f8ee867c4c8

  • SHA512

    9948e0571bfd8a167ad456a7aa4380b7f73f0bc77475b827bb20303a5fe1bce03670900e275cec573c88df51cd42a2060012bba623c7358640af8e1209210acb

  • SSDEEP

    24576:FJRsQJVHvu3/mAUf45P3z55KTBmfswlibk:bWgHv0wq50TAfpEk

Score
10/10

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks