General

  • Target

    MODELO 347.exe

  • Size

    1.0MB

  • Sample

    250304-mav8zaymx8

  • MD5

    d64c13ac169fe8be6acbb9243cb256b3

  • SHA1

    309f791e294a9ad6c2d394bdb61c78f00aadb7da

  • SHA256

    79f7e76ba3a8780a2dd46d78aac07f2235f457ee2771ef4556b85c12f2be0061

  • SHA512

    8f0ece37892c17362ba3e2a8dd74b288adb00066d09e2c41cf3a3bc3f5d6dc4f937f30f5655a4cd73f18809b03564ae373cea62fbb5fd57e904e1fdd81b3aeed

  • SSDEEP

    12288:GRlpmCARYJKALOPijwRcgUKtpQZFWu7rS+eKVVN+FKZFPOZOlxNsxoFOmCVkk+Ah:GVemMMfrVvKlrC4uC7elQ

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot8171626722:AAGIo9PvRpFrmWwamfv0SMURLy1PCYFG9a8/sendMessage?chat_id=6542615755
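The C2 above is a Telegram Bot API sendMessage call: the path carries the bot token (numeric bot id, a colon, then the bot's secret) and the query carries the destination chat_id, so the URL itself is the sample's exfiltration credential. The following Python is an added example, not code from the sandbox or from the DarkCloud sample: it parses that URL into the components worth tracking as IOCs and runs a matching hunt over constructed proxy log lines (the log format and workstation names are assumed for illustration).

```python
"""Parse the Telegram Bot API C2 extracted from the DarkCloud sample and hunt
for it in egress logs.

Added example for this report, not the sandbox's own code. EXTRACTED_C2 is the
URL from the Malware Config section; SAMPLE_PROXY_LOG is constructed.
"""
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# C2 string exactly as listed in the Malware Config section.
EXTRACTED_C2 = (
    "https://api.telegram.org/bot8171626722:AAGIo9PvRpFrmWwamfv0SMURLy1PCYFG9a8"
    "/sendMessage?chat_id=6542615755"
)

# Bot API path segment: "bot" + <numeric bot id> + ":" + <secret>.
# Telegram secrets are 35 URL-safe characters in practice; allow 30+ to be lenient.
_TOKEN_RE = re.compile(r"^bot(\d+):([A-Za-z0-9_-]{30,})$")


@dataclass(frozen=True)
class TelegramC2:
    bot_id: str
    secret: str
    method: str
    chat_id: str

    @property
    def token(self) -> str:
        return f"{self.bot_id}:{self.secret}"


def parse_telegram_c2(url: str) -> TelegramC2:
    """Split a Bot API URL into bot id, secret, method and chat_id.

    Raises ValueError for anything that is not https://api.telegram.org/bot<token>/<method>.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "api.telegram.org":
        raise ValueError(f"not a Telegram Bot API URL: {url!r}")
    segments = parts.path.strip("/").split("/")
    if len(segments) != 2:
        raise ValueError(f"unexpected Bot API path: {parts.path!r}")
    match = _TOKEN_RE.match(segments[0])
    if not match:
        raise ValueError(f"no bot token in path segment: {segments[0]!r}")
    chat_id = parse_qs(parts.query).get("chat_id", [""])[0]
    return TelegramC2(
        bot_id=match.group(1), secret=match.group(2), method=segments[1], chat_id=chat_id
    )


# Constructed proxy log in a simplified "<timestamp> <host> <url>" format.
SAMPLE_PROXY_LOG = """\
2025-03-04T12:00:01Z WS-0042 https://www.google.com/
2025-03-04T12:00:07Z WS-0042 https://api.telegram.org/bot8171626722:AAGIo9PvRpFrmWwamfv0SMURLy1PCYFG9a8/sendDocument
2025-03-04T12:00:09Z WS-0017 https://api.telegram.org/bot1111111111:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendMessage?chat_id=1
2025-03-04T12:01:00Z WS-0099 https://example.com/api/sendMessage
"""


def hunt_proxy_log(log_text: str, known: TelegramC2):
    """Return (host, verdict, method) for each line that reaches the Bot API.

    verdict is "known-c2" when the bot id matches the extracted config and
    "telegram-bot-api" otherwise; legitimate automation also uses this
    endpoint, so the latter is a lead to triage, not a confirmed hit.
    """
    hits = []
    for line in log_text.splitlines():
        try:
            _ts, host, url = line.split(" ", 2)
        except ValueError:
            continue  # malformed line, skip
        try:
            c2 = parse_telegram_c2(url)
        except ValueError:
            continue  # not a Bot API request
        verdict = "known-c2" if c2.bot_id == known.bot_id else "telegram-bot-api"
        hits.append((host, verdict, c2.method))
    return hits


if __name__ == "__main__":
    ioc = parse_telegram_c2(EXTRACTED_C2)
    print("bot id", ioc.bot_id, "chat_id", ioc.chat_id, "method", ioc.method)
    for hit in hunt_proxy_log(SAMPLE_PROXY_LOG, ioc):
        print(*hit)
```

Match on the bot id rather than on the api.telegram.org host alone, since the host is shared with benign integrations; a different method (sendDocument instead of sendMessage) with the same bot id is still the same operator. The secret in the URL is a live credential and should be handled as one: report it for revocation rather than using it.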

Targets

    • DarkCloud

      An information stealer written in Visual Basic 6 that harvests credentials and other data from the infected host and sends it out over channels such as SMTP, FTP or the Telegram Bot API; the extracted C2 above is a Telegram sendMessage endpoint, so this sample exfiltrates via Telegram.

    • Darkcloud family

    • Suspicious use of SetThreadContext (a hallmark of process hollowing: the sample redirects the main thread of a suspended child process to code it has written into that process)

MITRE ATT&CK Enterprise v15

Tasks