General

  • Target

    56865b02e4db16957d53b8ffaa0f533ffdd9465dbebe90d44bc936a54cd37468

  • Size

    1000KB

  • Sample

    240930-m9578asamr

  • MD5

    cb4cce46a111d52238d23b181d820781

  • SHA1

    0925ed6491efd79f5bd12da759d9130f91464281

  • SHA256

    56865b02e4db16957d53b8ffaa0f533ffdd9465dbebe90d44bc936a54cd37468

  • SHA512

    671ac9ad5e1e0616a1769908dcb5e8375d8075c25c427c3132bddcb04a6d5598e3513a3a83894a1a4578a8e79b7c7e21481e93bbed4d83eccccc9d52c85118f4

  • SSDEEP

    24576:2Uxcq3wP+jdUdxUr5sxJVe+U0QLw8qDcN3D7FxQ:WrP+jdUdur5sxJY+U0z8qQ9

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks