General

  • Target: 3020-23-0x0000000000400000-0x0000000000460000-memory.dmp
  • Size: 384KB
  • Sample: 250305-qrqllazsg1
  • MD5: 170aa066812dc531595a7501d5e7a383
  • SHA1: 43776a228b4d7bfe25ebf65c18dd95ace4cddc97
  • SHA256: a5f5be26b52ea591a3347935bc21bda61824e36ae4537009a88652a0789f572b
  • SHA512: a091ead0141ced941499f8abcda4bb47c83b8a700ca26c9f9f02dc0ecb6e2e2707addc9f7ae3cfeb4df1a7f5c598edbdf99f56a1870bc0608ae7e846e967a600
  • SSDEEP: 6144:Y3YbZ8d1/w5KA81IJ8GpF6nuTmOOUPO3n9LKc113y1LynY4hEKZSQkJR67fe:YzjYKkJj6GmZUun9LB+Lyn3+ZJ0e

Malware Config

Extracted

Family

darkcloud

Credentials

  • Protocol: ftp
  • Host: ftp.condormalta.com
  • Port: 21
  • Username: [email protected]
  • Password: ~N#]]bSO$0-R

Targets

    • Target: 3020-23-0x0000000000400000-0x0000000000460000-memory.dmp (hashes as listed under General above)

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15