General

  • Target

    Pedido-450065456-56545339.pdf.exe

  • Size

    321KB

  • Sample

    250301-q2lqdssrt3

  • MD5

    ab35ff92bf408bd51b448149176bc4a0

  • SHA1

    57682af2cda8b6cc802daf0363c00e1c54188d03

  • SHA256

    869ab9858bfbbb0e479ec4f2f3776ec952cdada4898e9f26d3322cb931c75cab

  • SHA512

    2cf6aa02dc3030958293a638dc52d9afe81e5e08d4114485866e0635579b96053cd1b07c1f3d88513e94e09b7d7e590ab54feca2f4faff5c538050b6e4865972

  • SSDEEP

    3072:FfYWlgNE08gmGbxl2GAD44RRlx/n2+2QFhHajELI4bMCOgl8FcU:GEOhbxl2GA3r/n24hagLrMZ5

Malware Config

Extracted

Family

darkcloud

Credentials

  • Protocol:
    ftp
  • Host:
    @StrFtpServer
  • Port:
    21
  • Username:
    @StrFtpUser
  • Password:
    @StrFtpPass

  Note: the host, username and password values are the stealer's own placeholder tokens (@StrFtpServer, @StrFtpUser, @StrFtpPass), not a resolvable hostname or real credentials, so they cannot be used as network or credential indicators for this sample; only the protocol (FTP) and port (21) are informative.

Targets

    • Target

      Pedido-450065456-56545339.pdf.exe


    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Suspicious use of NtCreateUserProcessOtherParentProcess (a process is created under a spoofed parent, i.e. parent PID spoofing)

    • Drops startup file (a file is written to a Startup location so it runs at the next logon)

    • Suspicious use of SetThreadContext (a thread's context is rewritten, as in process hollowing or injection)
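As an added example (not code from the sandbox report or from the malware author), the following Python script turns the indicators above into a local check: it computes the same four digests the report lists and compares them against the report's values, flags the `.pdf.exe` double-extension naming of the target filename, and drops the `@Str...` placeholder tokens from the extracted FTP config so they are not mistaken for real indicators. The extension lists, the `scan_paths` helper and the command-line wrapper are assumptions of the example.

```python
"""Check local files against the DarkCloud indicators from the report above.

Added example for this page; not the sandbox's or the malware's own code.
"""
import hashlib
import os
import re
import sys
from pathlib import Path

DIGESTS = ("md5", "sha1", "sha256", "sha512")

# Values copied from the report. Only the hashes and filename are real
# indicators; the credential block is kept to show the placeholder filter.
REPORT_IOCS = {
    "filename": "Pedido-450065456-56545339.pdf.exe",
    "md5": "ab35ff92bf408bd51b448149176bc4a0",
    "sha1": "57682af2cda8b6cc802daf0363c00e1c54188d03",
    "sha256": "869ab9858bfbbb0e479ec4f2f3776ec952cdada4898e9f26d3322cb931c75cab",
    "sha512": "2cf6aa02dc3030958293a638dc52d9afe81e5e08d4114485866e0635579b96053cd1b07c1f3d88513e94e09b7d7e590ab54feca2f4faff5c538050b6e4865972",
}
REPORT_CONFIG = {
    "protocol": "ftp",
    "host": "@StrFtpServer",
    "port": 21,
    "username": "@StrFtpUser",
    "password": "@StrFtpPass",
}

# Assumed lists for the double-extension check (example-only, extend as needed).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

# Matches the unresolved VB-style placeholder tokens seen in the extracted config.
PLACEHOLDER_RE = re.compile(r"^@Str[A-Za-z0-9_]+$")


def hash_bytes(data: bytes) -> dict:
    """Return all four report digests (lowercase hex) for an in-memory buffer."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in DIGESTS}


def file_hashes(path) -> dict:
    """Same digests as hash_bytes, but streamed so large files are not loaded at once."""
    digests = {alg: hashlib.new(alg) for alg in DIGESTS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {alg: d.hexdigest() for alg, d in digests.items()}


def matches_report(hashes: dict, iocs: dict = REPORT_IOCS) -> list:
    """Names of the digests that equal the report's values.

    Any one match identifies the same bytes; a partial list (say MD5 only)
    points at a transcription error in the indicator set and deserves a
    second look, so the caller gets every matching algorithm, not a bool.
    """
    return sorted(alg for alg in DIGESTS if hashes.get(alg, "").lower() == iocs[alg].lower())


def is_double_extension_lure(filename: str) -> bool:
    """True for names like 'Pedido-....pdf.exe': a document-looking extension
    immediately followed by an executable one (case-insensitive)."""
    suffixes = [s.lower() for s in Path(filename).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTENSIONS
            and suffixes[-2] in DOCUMENT_EXTENSIONS)


def usable_credentials(config: dict) -> dict:
    """Drop config fields whose value is still a placeholder token; what is
    left (protocol and port for this sample) is all that can be acted on."""
    return {k: v for k, v in config.items() if not PLACEHOLDER_RE.match(str(v))}


def scan_paths(root) -> list:
    """Walk a directory and return (path, matching_digests, lure_name) tuples
    for files that either hash-match the report or carry the lure naming."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                matched = matches_report(file_hashes(full))
            except OSError:
                continue  # unreadable file; skip rather than abort the scan
            lure = is_double_extension_lure(name)
            if matched or lure:
                findings.append((full, matched, lure))
    return findings


if __name__ == "__main__":
    print("actionable config fields:", usable_credentials(REPORT_CONFIG))
    for path, matched, lure in scan_paths(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: hash match on {matched or 'none'}, double-extension lure={lure}")
```

Run it with a directory as the only argument; an exact hash match on any of the four digests means the file is byte-identical to the analysed sample, while a lure hit without a hash match is only a naming heuristic and needs its own triage.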

MITRE ATT&CK Enterprise v15

Tasks