General

  • Target

    982f1903db530be43b0d0fc4ce976e8e.bin

  • Size

    756KB

  • Sample

    240427-bzzf5shb9x

  • MD5

    32d2445e2ca227469416d8f90740beed

  • SHA1

    e00a79f8e4792c8941b37aeb3c875291abe31c27

  • SHA256

    3beb65fdb7b4299fb669f8e5f97032e86aaba26224ce5a6178a99d637ea1a9dc

  • SHA512

    f3fc9e3efa6af0e84711ffa65cfbde89a86a01410e105bfc124c4492a67a936308b5d5193bdf48481a1522ec52de46de432f617dc0d79f6dd1d0e010af83aedb

  • SSDEEP

    12288:WgDxunl2jhnWjYKePdbmSEXDMAng/ewH5BiS2VMYMnojtzzLoi5Yd4ggc:WgtuM1KYH1mHDg2oBntYWi6dB

Score
10/10

Malware Config

Extracted

Family

darkcloud

Attributes
  • email_from

    igor.bos@vinoterra.ru

  • email_to

    office.tony39@mail.ru

Targets

    • Target

      0c0d782dac4f8afdf63e33666febfe1aea6605c1a64ae532a8b84d2d315b176b.exe

    • Size

      1.1MB

    • MD5

      982f1903db530be43b0d0fc4ce976e8e

    • SHA1

      e2a9534e65f2ae33df71b136cfef600eab4f3627

    • SHA256

      0c0d782dac4f8afdf63e33666febfe1aea6605c1a64ae532a8b84d2d315b176b

    • SHA512

      80d5a9a05b5079dc99f48ac2497dfa5ef08fb37204d5b6811f5ad3806950d43ddfecea13713e9624ef00473f75c94a661b48b27363461a532bcb237a6afbbd2b

    • SSDEEP

      24576:DAHnh+eWsN3skA4RV1Hom2KXMmHaoPOpKOWz6zBvxwiruLgP5:Oh+ZkldoPK8YaompKFz6lJw4uA

    Score
    10/10
    • DarkCloud

      An information stealer written in Visual Basic.

    • Suspicious use of SetThreadContext
