General

  • Target: 66645939bd6645c87153990dd60e2193733d99f2cb61fcfc16bd140793ed1e8d
  • Size: 633KB
  • Sample: 240417-rvmjsade7x
  • MD5: 218cabed0002eb706465155f72e288fe
  • SHA1: 0691acc82b975b1b3f240ac54a00fe3836c3bf51
  • SHA256: 66645939bd6645c87153990dd60e2193733d99f2cb61fcfc16bd140793ed1e8d
  • SHA512: 890af681d7fc297735a6ae89c7e86e7b9596c8ffe23a39f9a2bab0c8130ccce2d4a234b287c1240f0341c5a449e307fbc1e458b018a7198d62c6737bb6061d39
  • SSDEEP: 12288:LbAj0jX4TrPl3ts21nPVZ1J9sFnnOXVaGl8E/xP09pQxvVuI1IYjnRl:/MWX4d3tPnPVZ1vsFnOXVa9210vQlgIN

Score
10/10

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot6746383234:AAHJ0bggxpanHasWvjMSekrXd1f03jgHZUM/sendMessage?chat_id=6475103768

Targets

    • Target: 5ecbfb33b1adf9c70b5f79f15f78b4672bb458c1bde52985e4dd7ba6c046465f.exe
    • Size: 703KB
    • MD5: 434d182e6e4584f65a8c5f61b2bee723
    • SHA1: fe7632a9cbcec011843577a248b3f40376e4698b
    • SHA256: 5ecbfb33b1adf9c70b5f79f15f78b4672bb458c1bde52985e4dd7ba6c046465f
    • SHA512: 91ef5b8953e0f1202d46b618239776532077ca7a8f3c3e8d1617ee8dd716f4d9e5ce83511e05bb902be31302b473291e05442a760cd4eb9c886cb9a7276be26b
    • SSDEEP: 12288:WbiAgYGp7Ev7BUbYCriqEbT0INP9HfBVKqk6MU21NX4alwiXSqtqgj:Fgv7BOTGYPU4XjDSqtq

    Score
    10/10

    • DarkCloud: An information stealer written in Visual Basic.
    • Drops startup file
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks