General

  • Target: invoice.exe
  • Size: 1.2MB
  • Sample: 250304-jzhsdsvvbv
  • MD5: 11dcf616c9ba676358f45f9dad9dd76d
  • SHA1: 72aca8573cf6a671c7b00afe478e48334fc56b58
  • SHA256: de61aeb6ede1d93a6391fd889f0864cb7ad312c3a759db83d7f01d4363c566bd
  • SHA512: 6894b9708e3efbaf472edcf223944181ac5e2708603d2525c9f762b50569c0c22d3af1c242e073d5a52e341370c18434ac0ad88ab66b8de6f0573328eaea19b1
  • SSDEEP: 24576:Uu6J33O0c+JY5UZ+XC0kGso6Fawg8osTmX61lYkq88vJBhBL1PVZ5WY:uu0c++OCvkGs9Faw4TX61lYkPIVp1dCY

Malware Config

Extracted

  • Family: darkcloud
  • Credentials
    • Protocol: ftp
    • Host: @StrFtpServer
    • Port: 21
    • Username: @StrFtpUser
    • Password: @StrFtpPass

Targets

  • Target: invoice.exe

  • DarkCloud: An information stealer written in Visual Basic.
  • Darkcloud family
  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks