Overview

overview

10

Static

static

5

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9ef94607fc86a367934d7bd636d9a92c6943e41a79f1defb622d8716f013bde8

  • Size

    1.2MB

  • Sample

    240416-te7acsfg5y

  • MD5

    42352173769d2a4f3b7e4e10bb135092

  • SHA1

    87afa2afe4b2a5dda9d7684d79c5f2958d387ac8

  • SHA256

    9ef94607fc86a367934d7bd636d9a92c6943e41a79f1defb622d8716f013bde8

  • SHA512

    11708e5f16833f513f8ebb5e371dd9bbaaae03ec1d58ebc4dca369dbb4b9b472ad84f88e33b54ac80b64a3d42254a3d990d6584e5fe8b88596f19f2fd1ae82f5

  • SSDEEP

    24576:yAHnh+eWsN3skA4RV1Hom2KXMmHa5vDa6jeukIWmxrQcBn5:1h+ZkldoPK8Ya5BeantQcX

Score
10/10
darkcloudstealer

Malware Config

Extracted

Family

darkcloud

Attributes
  • email_from

    igor.bos@vinoterra.ru

  • email_to

    officebackup01@mail.ru

Targets

    • Target

      9ef94607fc86a367934d7bd636d9a92c6943e41a79f1defb622d8716f013bde8

    • Size

      1.2MB

    • MD5

      42352173769d2a4f3b7e4e10bb135092

    • SHA1

      87afa2afe4b2a5dda9d7684d79c5f2958d387ac8

    • SHA256

      9ef94607fc86a367934d7bd636d9a92c6943e41a79f1defb622d8716f013bde8

    • SHA512

      11708e5f16833f513f8ebb5e371dd9bbaaae03ec1d58ebc4dca369dbb4b9b472ad84f88e33b54ac80b64a3d42254a3d990d6584e5fe8b88596f19f2fd1ae82f5

    • SSDEEP

      24576:yAHnh+eWsN3skA4RV1Hom2KXMmHa5vDa6jeukIWmxrQcBn5:1h+ZkldoPK8Ya5BeantQcX

    Score
    10/10
    darkcloudstealer

    • DarkCloud

      An information stealer written in Visual Basic.

      stealerdarkcloud

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks