General
-
Target
80abc1583710c9563a3b2597c3e43cede93ea8f29c25aff537b51c606358f5b4.exe
-
Size
234KB
-
Sample
240627-bthlfavfrg
-
MD5
a7b146242ca06959d3ad7092d574733b
-
SHA1
f3ff9857bbceec7d9350e0eabf1d958ecb2b0293
-
SHA256
80abc1583710c9563a3b2597c3e43cede93ea8f29c25aff537b51c606358f5b4
-
SHA512
0e26bf27587a3e71ca2b4510aeecc9e0675156a7f94cc50385999d691ef94d271922d7c4434c7a736ac801fb0f700b1106aa4bbde7734ad0f3877963b936565d
-
SSDEEP
3072:JPtdwQBUo9tJ61SVL+9wqY+mhhhmitqOk:Rtd5BL/610Ki
Malware Config
Extracted
darkcloud
https://api.telegram.org/bot6686872771:AAGUwkUh0LMB8XwZ6Sv6jR4DHAsdZafImc0/sendMessage?chat_id=6542615755
Targets
-
-
Target
80abc1583710c9563a3b2597c3e43cede93ea8f29c25aff537b51c606358f5b4.exe
-
Size
234KB
-
MD5
a7b146242ca06959d3ad7092d574733b
-
SHA1
f3ff9857bbceec7d9350e0eabf1d958ecb2b0293
-
SHA256
80abc1583710c9563a3b2597c3e43cede93ea8f29c25aff537b51c606358f5b4
-
SHA512
0e26bf27587a3e71ca2b4510aeecc9e0675156a7f94cc50385999d691ef94d271922d7c4434c7a736ac801fb0f700b1106aa4bbde7734ad0f3877963b936565d
-
SSDEEP
3072:JPtdwQBUo9tJ61SVL+9wqY+mhhhmitqOk:Rtd5BL/610Ki
Score10/10-
DarkCloud
An information stealer written in Visual Basic.
-
Detects executables containing SQL queries to confidential data stores. Observed in infostealers
-
Detects executables using Telegram Chat Bot
-
UPX dump on OEP (original entry point)
-
Suspicious use of SetThreadContext
-