General

  • Target

    397cd818297d991cdd6497572d261a25.bin

  • Size

    957KB

  • Sample

    240208-bngf7abg42

  • MD5

    862d013f9ee9694935d684592f5552fd

  • SHA1

    7bef54a5de2c4ff70381effe82fd26e4966da3cc

  • SHA256

    4a930ad4164e05378212a38bfc00145abe6519bb4edced481a2d93e8f82d0261

  • SHA512

    413121934e9c9932cd6e9e68a2817d5bea8413185a2d7148d33e4bf559a3067d349a6be849cd9a2f46c93f9640b92ea5792efcca0328deacb5ec58033cf5b05f

  • SSDEEP

    12288:dLKwpxqbdCjWNO2CrqyjGaGuyvOOqL7M+7VsURTRN6tCMnnZlUarT4Fr+ExjzGcs:d/YdCCMrqDOOqHTRN6thgN+izGK2v

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • Target

      0112a299785ef16cc0d6b84bf084a0122a700788180242afae4dac3b40a2bb50.exe

    • Size

      1.0MB

    • MD5

      397cd818297d991cdd6497572d261a25

    • SHA1

      11cc48c47f1aac9af6ed1e15f66bba98899581b9

    • SHA256

      0112a299785ef16cc0d6b84bf084a0122a700788180242afae4dac3b40a2bb50

    • SHA512

      c683a1327f887c8e82eb032df862c84e3faa58dcfa9ff37ad5d7fd6287a356e59ae32b8512862f88d03bf8d63b71a95682343c8d3d982f76c3ce398371ebcb4f

    • SSDEEP

      24576:pO9cxPuT2Vj/wgFXRtl+btB7QVdWfXDE1MIz53u:pOV6Nz9YbATWvDlIN3u

    • DarkCloud

      An information stealer written in Visual Basic.

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks