Overview

overview

10

Static

static

3

11db64f5b5...25.exe

windows7-x64

10

11db64f5b5...25.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    11db64f5b588f39af3ac22291693929990e7d2066319020d2763a6b26cc39125.exe

  • Size

    2.0MB

  • Sample

    240626-bema3sxfjr

  • MD5

    9bb451adbe6aefc385b3aebe7dec18ed

  • SHA1

    69e4d183677c260f10022a25a31536790ae4710b

  • SHA256

    11db64f5b588f39af3ac22291693929990e7d2066319020d2763a6b26cc39125

  • SHA512

    71d9073756c5ee9b7c33244dfa3d95dc13c479e67543ffd8ce68dde7194694a469e1473c4c48f95cf00f096cb5303296b485da22a8eeb1781850355e2fe6668e

  • SSDEEP

    49152:TOD+bTI6YTDml4HJPHDQkOBU0f9iygcrxZ3aU5ZAIrRo2ht1L14vk2DlMijg7Ccp:Kv85E+r

Score
10/10
darkcloudstealer

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • Target

      11db64f5b588f39af3ac22291693929990e7d2066319020d2763a6b26cc39125.exe

    • Size

      2.0MB

    • MD5

      9bb451adbe6aefc385b3aebe7dec18ed

    • SHA1

      69e4d183677c260f10022a25a31536790ae4710b

    • SHA256

      11db64f5b588f39af3ac22291693929990e7d2066319020d2763a6b26cc39125

    • SHA512

      71d9073756c5ee9b7c33244dfa3d95dc13c479e67543ffd8ce68dde7194694a469e1473c4c48f95cf00f096cb5303296b485da22a8eeb1781850355e2fe6668e

    • SSDEEP

      49152:TOD+bTI6YTDml4HJPHDQkOBU0f9iygcrxZ3aU5ZAIrRo2ht1L14vk2DlMijg7Ccp:Kv85E+r

    Score
    10/10
    darkcloudstealer

    • DarkCloud

      An information stealer written in Visual Basic.

      stealerdarkcloud

    • Detects executables containing SQL queries to confidential data stores. Observed in infostealers

    • UPX dump on OEP (original entry point)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks