General
- Target: 869ab9858bfbbb0e479ec4f2f3776ec952cdada4898e9f26d3322cb931c75cab.exe
- Size: 321KB
- Sample: 250302-c7jw4a1yhv
- MD5: ab35ff92bf408bd51b448149176bc4a0
- SHA1: 57682af2cda8b6cc802daf0363c00e1c54188d03
- SHA256: 869ab9858bfbbb0e479ec4f2f3776ec952cdada4898e9f26d3322cb931c75cab
- SHA512: 2cf6aa02dc3030958293a638dc52d9afe81e5e08d4114485866e0635579b96053cd1b07c1f3d88513e94e09b7d7e590ab54feca2f4faff5c538050b6e4865972
- SSDEEP: 3072:FfYWlgNE08gmGbxl2GAD44RRlx/n2+2QFhHajELI4bMCOgl8FcU:GEOhbxl2GA3r/n24hagLrMZ5
Static task: static1
Behavioral task: behavioral1
- Sample: 869ab9858bfbbb0e479ec4f2f3776ec952cdada4898e9f26d3322cb931c75cab.exe
- Resource: win7-20240903-en
Malware Config
Extracted: darkcloud
- Protocol: ftp
- Host: @StrFtpServer
- Port: 21
- Username: @StrFtpUser
- Password: @StrFtpPass
Targets
- Target: 869ab9858bfbbb0e479ec4f2f3776ec952cdada4898e9f26d3322cb931c75cab.exe
- Darkcloud family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Suspicious use of SetThreadContext