General

  • Target

    c4bf41b21fbf588fa863aaf613815ebdb3e453c51f8b75c08803c866a5a543c3.rar

  • Size

    695KB

  • Sample

    250305-d7wfkaxqt6

  • MD5

    a20fedb1d8ceb2ab4e7f4bef3b64cee2

  • SHA1

    a807014234cfce31b5dc21723cfa5b967eed93d3

  • SHA256

    c4bf41b21fbf588fa863aaf613815ebdb3e453c51f8b75c08803c866a5a543c3

  • SHA512

    2296fd4e05f20fbcc32ca20960ea36c3a6c195c1c211e749d8d5da32d03a3ec773b4d61febfbc093f8cc72fca6fefe2c1bcf556d911276d4b09ed2c9fd518945

  • SSDEEP

    12288:Rb0fflRCmIIRxUauBsMy9L95pkzCMJEaWj7K9ds/SiELp/EIniXgyYF4v7kTECVX:F0rDrRxUauBsMydSfyCkud/zeg7u7bC5

Malware Config

Extracted

  • Family:
    darkcloud

Credentials

  • Protocol:
    ftp
  • Host:
    @StrFtpServer
  • Port:
    21
  • Username:
    @StrFtpUser
  • Password:
    @StrFtpPass

Targets

    • Target

      invoice.exe

    • Size

      1.2MB

    • MD5

      11dcf616c9ba676358f45f9dad9dd76d

    • SHA1

      72aca8573cf6a671c7b00afe478e48334fc56b58

    • SHA256

      de61aeb6ede1d93a6391fd889f0864cb7ad312c3a759db83d7f01d4363c566bd

    • SHA512

      6894b9708e3efbaf472edcf223944181ac5e2708603d2525c9f762b50569c0c22d3af1c242e073d5a52e341370c18434ac0ad88ab66b8de6f0573328eaea19b1

    • SSDEEP

      24576:Uu6J33O0c+JY5UZ+XC0kGso6Fawg8osTmX61lYkq88vJBhBL1PVZ5WY:uu0c++OCvkGs9Faw4TX61lYkPIVp1dCY

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks