General

  • Target: 5ecbfb33b1adf9c70b5f79f15f78b4672bb458c1bde52985e4dd7ba6c046465f
  • Size: 703KB
  • Sample: 240207-rcr2jsaebp
  • MD5: 434d182e6e4584f65a8c5f61b2bee723
  • SHA1: fe7632a9cbcec011843577a248b3f40376e4698b
  • SHA256: 5ecbfb33b1adf9c70b5f79f15f78b4672bb458c1bde52985e4dd7ba6c046465f
  • SHA512: 91ef5b8953e0f1202d46b618239776532077ca7a8f3c3e8d1617ee8dd716f4d9e5ce83511e05bb902be31302b473291e05442a760cd4eb9c886cb9a7276be26b
  • SSDEEP: 12288:WbiAgYGp7Ev7BUbYCriqEbT0INP9HfBVKqk6MU21NX4alwiXSqtqgj:Fgv7BOTGYPU4XjDSqtq

Score
10/10

Malware Config

Extracted

  • Family: darkcloud
  • C2: https://api.telegram.org/bot6746383234:AAHJ0bggxpanHasWvjMSekrXd1f03jgHZUM/sendMessage?chat_id=6475103768

Targets

    • DarkCloud: an information stealer written in Visual Basic.
    • Drops startup file
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks