General

  • Target

    186efb185bf40490af91ff0d892f1cddc19e34f859ff3f48c03f30a3c3dda63f

  • Size

    703KB

  • Sample

    240417-r1tv2sdh6z

  • MD5

    8ecfee0ae03c32938018c09aa5f727f1

  • SHA1

    a1308d31fe13141b0d83a17f002bcfef9178c4b2

  • SHA256

    186efb185bf40490af91ff0d892f1cddc19e34f859ff3f48c03f30a3c3dda63f

  • SHA512

    e6c9e459c3f650db923a036db652959f7166e7e6964ea24625fd79e9a7e94edc7983d1ac52a62fea935badc085c690f262165eabae83c4c0e0b9c0580b521a7d

  • SSDEEP

    12288:v2V79sA0LiAciiRTej6JMhcQ4v6Jk34JJIdt7weA6+jvcxtTN4Cb0nBAyZtkJqLJ:v2VXQiAbaTej6JME6YIJStUO+jvItTN8

Score
10/10

Malware Config

Extracted

Family

darkcloud

Attributes
  • email_from

    abybay.com_rw1x6mkwaai@abybay.com

  • email_to

    zarbaby12@yandex.com

Targets

    • Target

      1e7bec6e211e8cd375a52939396d844622a93c487758a9e6dae6ed8733ceda9e.exe

    • Size

      837KB

    • MD5

      d33e029670979b9b113f5e019fd7c89c

    • SHA1

      aa245e7abb445325d127a551a316b1d9c9d2aca7

    • SHA256

      1e7bec6e211e8cd375a52939396d844622a93c487758a9e6dae6ed8733ceda9e

    • SHA512

      8e50e4b3e775e93412b539fb062730f9b942031e9c13da018a189c60b92d1b2fe1dda9b8a30aba05a7997ed154bde4762ab251e56076cd64474f1464863a2742

    • SSDEEP

      12288:QvcfkIOldtSlQ5od3dI+6csqNpzZuV3NLrq0Wxjrx+dZjJD05I3J2Y:7fkrl2fdIvqgV3w/trx+pQcJD

    Score
    10/10
    • DarkCloud

      An information stealer written in Visual Basic.

    • Suspicious use of SetThreadContext
