General

  • Target

    2000-1348-0x0000000000400000-0x0000000000470000-memory.dmp

  • Size

    448KB

  • Sample

    250310-qm7z3swxbx

  • MD5

    1a7e9333f11b1e3dba382816a66dcd7e

  • SHA1

    2239d4efaa444f4cae9d4c53f399f1cb6eb34e6a

  • SHA256

    3d9dfc4cdde92ebcb9aca86d1d03a32b5df46cf6d44a17ecf13688acbb2264e4

  • SHA512

    2e00f2e964eb6f339c22ec094eb89582c52b042d044e3d056bbf23144059408bf7ebe33ee1545b8b70e5877e8d55b8ffa5464a71e234fc40dcb5c5cd20855071

  • SSDEEP

    6144:H8d1/w5KA81IJ8GpF6nuTmOOUNYaLNFkpHjSiyCiegFkMq9EJ2J5rZO:cjYKkJj6GmZUNYaLruGiyCzikMqFBZO

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with ACProtect software.

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks