Resubmissions

27/02/2025, 06:35

250227-hcvb8szmz6 10

26/02/2025, 15:52

250226-ta57havse1 3

General

  • Target: 26022025_1552_26022025_Comprobante de transferencia -00010013947094681603.pdf.uu
  • Size: 14KB
  • Sample: 250227-hcvb8szmz6
  • MD5: 93d09c75b64033ae355a3e61241f37c1
  • SHA1: f3ae760d7ba3ecdba4a18b6b0368692fbf4b7b00
  • SHA256: d85e1962a3edc01edd207bc3c07905df72bc96ef3f8479762ccb24d871493a80
  • SHA512: 6e38cbda3e6bc860a795c8eeffe5c89a236a7a0283b5523aa9f3f896912f21b9661aa1fcf67cd5af3c4322ee2dde5e19fcdab4daffa20a053e7570b840393598
  • SSDEEP: 384:Q8PudvT4hxORH9n1XUTzoxHn6rc3xdHs0TVb/RkyOunsc1:Q3twYR9nxUHo1nE47HLp/RhOU1

Malware Config

Extracted

Family

darkcloud

Credentials

  • Protocol: ftp
  • Host: @StrFtpServer
  • Port: 21
  • Username: @StrFtpUser
  • Password: @StrFtpPass

Targets

    • Target: Comprobante de transferencia -00010013947094681603.pdf.exe
    • Size: 30KB
    • MD5: 834fc45ffb8f5e8bbb310a37fb49f62f
    • SHA1: d0cdfd9d917ccd6a95b1e8d2c356684c252d9d0d
    • SHA256: fa608155a455d94284e67191999e15da2794f2d8dd756cc81da3c7dcdf39726c
    • SHA512: 3ffb04197c8ecd471e0e98a0f00e930bd226127abafe27e2f2dddbb5e8674c44e0d06957defe3f268f1c4c53817d5c715d00bd7fb3526169d66d6f8c9bf0713d
    • SSDEEP: 768:rAP7AFOKX1UYhhIt1JQgG9MPzQgGlNEu//mbQ05XzA:kqXdvKzQZlWBU
    • DarkCloud: An information stealer written in Visual Basic.
    • Darkcloud family
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Drops startup file
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks