General

  • Target

    documents.bat.exe

  • Size

    877KB

  • Sample

    240206-ygys8agdcr

  • MD5

    173aa6b5c260b3e19f1b979f054b02b0

  • SHA1

    9ea4da05677968a322acf4330699e76b31676130

  • SHA256

    0dd421edda69a829b7b9d025fd81f947085c0b3a54d9025312823a56c2b5df83

  • SHA512

    29415d7778eb7d1275815f1bcee0c3f0613f300df29172ab03d63c119491af6ced57c25c39ed27e010c0e7ce7be87de216bf2757480db9fd392b95c1f8282d51

  • SSDEEP

    24576:L/UAc8bshd1ixMpqvhnjqJR33ulonktC+FMIpSmUrSGG:L/U8bI1+MMv5YwloWCZU0m7

Score
10/10

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • Target

      documents.bat.exe (877KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)

    Score
    10/10
    • DarkCloud

      An information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks