General

  • Target

    PEDIDO_16-10-24.exe

  • Size

    781KB

  • Sample

    241017-jdjgss1dpm

  • MD5

    1216865947fcdc337eaa2f9eca1ef99b

  • SHA1

    bae3226be707aad220a777a477e9b5311b2ed3cb

  • SHA256

    773e56d43a64f8dc2f504591a154b045827841c9c352fcb0eb5e00ffb7d2494d

  • SHA512

    35eaaec86e945f98810d2bb4e44514bd7a9b161d0dde58389ddfbf007b5714a833df6de14d8c54a8240236a59c48c2a9863b704449227c45a58ab7ab8f6330f7

  • SSDEEP

    12288:PzM2N+YIzMWfaVHgxaMZloIZ5NubGdg0zdDg9UitmzHeCBJdcYpfe3iYQ:PzMddM0E2aMZRZ52GdgXUitmTJ+Yp

Malware Config

Extracted

  • Family

    darkcloud

  • C2

    https://api.telegram.org/bot8171626722:AAGIo9PvRpFrmWwamfv0SMURLy1PCYFG9a8/sendMessage?chat_id=6542615755

Targets

    • Target

      PEDIDO_16-10-24.exe

    • Size

      781KB

    • MD5

      1216865947fcdc337eaa2f9eca1ef99b

    • SHA1

      bae3226be707aad220a777a477e9b5311b2ed3cb

    • SHA256

      773e56d43a64f8dc2f504591a154b045827841c9c352fcb0eb5e00ffb7d2494d

    • SHA512

      35eaaec86e945f98810d2bb4e44514bd7a9b161d0dde58389ddfbf007b5714a833df6de14d8c54a8240236a59c48c2a9863b704449227c45a58ab7ab8f6330f7

    • SSDEEP

      12288:PzM2N+YIzMWfaVHgxaMZloIZ5NubGdg0zdDg9UitmzHeCBJdcYpfe3iYQ:PzMddM0E2aMZRZ52GdgXUitmTJ+Yp

    • DarkCloud

      An information stealer written in Visual Basic.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks