064cd228d36496ffabf693040096d5f4a83ee97929eb0080a62bcb57ec0ede03 | Triage

Sharing

General

Target

DarkLoader.exe
Size

71.4MB
Sample

240529-xtn9wafd22
MD5

f8147c844df079ca0b4f58906330ba8c
SHA1

52e467909fd1936917a86ee2f36a820fd25025fc
SHA256

064cd228d36496ffabf693040096d5f4a83ee97929eb0080a62bcb57ec0ede03
SHA512

4236c291b625f0d6a3146111fb595bfc025f20ea95f4c2b22e2bdd602f6c461e53af035745a075ef5fd7ee5d26268e98e7313bd78de1ac3e32abef56c3d6696a
SSDEEP

786432:ZdyRHFwanoK0du8XOzGbY55kQshmSBaNf6rt:ZdyxSaBL8XGGE55XArt

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  DarkLoader.exe
- Size
  
  71.4MB
- MD5
  
  f8147c844df079ca0b4f58906330ba8c
- SHA1
  
  52e467909fd1936917a86ee2f36a820fd25025fc
- SHA256
  
  064cd228d36496ffabf693040096d5f4a83ee97929eb0080a62bcb57ec0ede03
- SHA512
  
  4236c291b625f0d6a3146111fb595bfc025f20ea95f4c2b22e2bdd602f6c461e53af035745a075ef5fd7ee5d26268e98e7313bd78de1ac3e32abef56c3d6696a
- SSDEEP
  
  786432:ZdyRHFwanoK0du8XOzGbY55kQshmSBaNf6rt:ZdyxSaBL8XGGE55XArt
Score

8^/10

spyware stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2