General

  • Target: 2049983c8bc3bc8bfd8eb95e01e56071ed1833b01a6923133d1238aa904f01d4.exe

  • Size: 921KB

  • Sample: 240417-bhv3dsah8s

  • MD5: 9fe6dfcb679f1fb1c5a7c8c6269373ef

  • SHA1: 0fa13c67f2642390e7aa402a1e3383429703572b

  • SHA256: 2049983c8bc3bc8bfd8eb95e01e56071ed1833b01a6923133d1238aa904f01d4

  • SHA512: bb33ec9b0e3579dad182b439ed8954d622124ba611eaeeb5bb93920a765c963da1de94da8895bf0e151ebef1380bf024606bff3fb9e2d4df7b14c8de2ff19e3c

  • SSDEEP: 12288:9jbl5URBsle4E3NgwUaDTm4V4CxOaVhGDvnKYI6kQLGjouEu80Lx+wnMCwwrb2pp:1E3lUa/mQ4CxOASRKQLWsxVag8avn

Score
10/10

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot7070490418:AAFJ-COsGzz3b8scJZVCXnt58-J1srUH5DQ/sendMessage?chat_id=5590273095

Targets

    • DarkCloud: an information stealer written in Visual Basic.

    • Detects executables containing SQL queries to confidential data stores. Observed in infostealers

    • Detects executables packed with SmartAssembly

    • Detects executables using Telegram Chat Bot

    • UPX dump on OEP (original entry point)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks