General

  • Target

    04032025_1715_Revised Invoice VT-1307701765400112977_pdf.txz

  • Size

    853KB

  • Sample

    250304-vsk5qav1g1

  • MD5

    8daa5c69afadaeabc93643a246150067

  • SHA1

    22194769a8d21512c94d6780efa4b92d99f810f0

  • SHA256

    784bef9af316d4a271ab3ca9eb6c4567041ce14cd0751fcfbafce9d8684abc78

  • SHA512

    8f5ef7afe0024729ff279b43b86641dc61eb9d08e9c98ba2b478fc24a325397c162f9745b4bc363a6fc381bfa5c99cdde124be709b800a6c5aca70a599c72361

  • SSDEEP

    12288:wnGEr56Aox8heuL8NlDUqS6BcKmAisO8QiFJi44Gn3mqa9UamxLRUjpbYIlmd3JP:wRr56AiKObdF082DaambUjdYIAE05hEi

Malware Config

Extracted

Family

darkcloud

Credentials

  • Protocol

    ftp

  • Host

    @StrFtpServer

  • Port

    21

  • Username

    @StrFtpUser

  • Password

    @StrFtpPass

Targets

    • Target

      Revised Invoice VT-1307701765400112977_pdf.exe

    • Size

      949KB

    • MD5

      f05da6ed938cc54483958e77fb9550ac

    • SHA1

      20841d422c93b31458a2edec412334966e9afd89

    • SHA256

      57f9bd6b2c6861bc380b64ecd2bb3d68b9021c097aca8d32954dbb02478e5dbd

    • SHA512

      96d9c8e5c570ca25413aadde6ed197923ffa73cf93316dad3681fb71df0d17572e7e082c89217bc43dee3686815030610098e0c19b3a230eeb1c63149b1299e8

    • SSDEEP

      12288:wR7sf+Xy8T/BtGwCiHufc6GMFC/e9esIre1mv2bdZ0QRE7XKmvrDbTJhThc2KmrG:aXy8/CxcpfWcRZwTKPRvjK4izQgb1FZ

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      3e6bf00b3ac976122f982ae2aadb1c51

    • SHA1

      caab188f7fdc84d3fdcb2922edeeb5ed576bd31d

    • SHA256

      4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe

    • SHA512

      1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

    • SSDEEP

      192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks