General

  • Target

    ac6292652a23c9b3a2f4f50af30d246fe20863c6b93ae0b1a0c9328c597e1292.exe

  • Size

    1.0MB

  • Sample

    240529-b76v7ade8y

  • MD5

    94fa96ca6d0da78b7a98f8a62c5813b7

  • SHA1

    9f7a12fc349848ed9ca37d6feddea64dcc490a0d

  • SHA256

    ac6292652a23c9b3a2f4f50af30d246fe20863c6b93ae0b1a0c9328c597e1292

  • SHA512

    1fa38eadb211e7c6ad2a1f7b9b520a953c1632bfb187a16ebb4fbf7eabc4eb28a385f19666be5bcd15535f0ceabb1acacbe9b687939d0bb66ad0a80ba690a6d0

  • SSDEEP

    24576:jNxY7AJDq1S1pOefXNV0132slDtKEBpfqegsu1D1:jNxvtXOefbYMEbysw1

Score
10/10

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot6800672014:AAFjIhthNxpYeDLxh4u9CJvqMfisOhMGH6M/sendMessage?chat_id=6542615755

Targets

    • Target

      ac6292652a23c9b3a2f4f50af30d246fe20863c6b93ae0b1a0c9328c597e1292.exe

    • Size

      1.0MB

    • MD5

      94fa96ca6d0da78b7a98f8a62c5813b7

    • SHA1

      9f7a12fc349848ed9ca37d6feddea64dcc490a0d

    • SHA256

      ac6292652a23c9b3a2f4f50af30d246fe20863c6b93ae0b1a0c9328c597e1292

    • SHA512

      1fa38eadb211e7c6ad2a1f7b9b520a953c1632bfb187a16ebb4fbf7eabc4eb28a385f19666be5bcd15535f0ceabb1acacbe9b687939d0bb66ad0a80ba690a6d0

    • SSDEEP

      24576:jNxY7AJDq1S1pOefXNV0132slDtKEBpfqegsu1D1:jNxvtXOefbYMEbysw1

    Score
    10/10

    • DarkCloud

      An information stealer written in Visual Basic.

    • Detects executables containing SQL queries to confidential data stores. Observed in infostealers.

    • Detects executables using Telegram Chat Bot

    • UPX dump on OEP (original entry point)

    • Suspicious use of SetThreadContext
