General

  • Target: PEDIDO PV0155511.rar
  • Size: 743KB
  • Sample: 241016-qtbv8asamd
  • MD5: 04cb7308648d8cc04669419c86362f47
  • SHA1: f60f1d49447966af176d42863a6ee5e6ed7ae70a
  • SHA256: 69246a8d105d6aa41b2c4d72fd4b511549866ddab20ae8fea231793b3433c4b9
  • SHA512: 53f5ca9e963708c488e502d1027da92973f0c67ac72c16856b43c4288c89664f13d84524ee8933bc35bbad299b4f0bf6c04a3ca189f2535c05cd930b8486d979
  • SSDEEP: 12288:kcugfkhovr5z7Lv0BXWHF6/UFnstaKRYkaksrs6EVxR6fS6CcXyqikAib/VK56:12yVvKRcFstaKR2zrDEVxR6f3X1DA0/L

Malware Config

Extracted

  • Family: darkcloud
  • C2: https://api.telegram.org/bot8171626722:AAGIo9PvRpFrmWwamfv0SMURLy1PCYFG9a8/sendMessage?chat_id=6542615755

Targets

    • Target: PEDIDO PV0155511.exe
    • Size: 806KB
    • MD5: 2a5ad62b4cf94952164467b22c0064a5
    • SHA1: 8cb2cee66a55b620969a1093b5f8590a6a4cc7ca
    • SHA256: 358474ad2351f5a3b12e63af3097541879a12f45a395be698b45107ae295b1e1
    • SHA512: 4ff9d3c2e835c468b8e5fa225ecb01c77df6e68469feb2ef2cb22b17edeec8f81882c8bcadb75345aa4f5360af668c4649aa0469534d5416c856542ad3a9b104
    • SSDEEP: 24576:7RY7ECknlgbxch0oIKF6ReKabril9OLxKn:7ReECMlgbBPKHKkrilk
    • DarkCloud: an information stealer written in Visual Basic.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks