General

  • Target

    3188-1348-0x0000000000400000-0x0000000000470000-memory.dmp

  • Size

    448KB

  • Sample

    250310-rld62sxyhv

  • MD5

    89828fe76ac410515fecf5975e176e19

  • SHA1

    7271cf5b315ca52a798a1761b710088ca96fc351

  • SHA256

    a1c969d66ea4fe105a90f046b671491c34ba0981223367ea6e470a30a2b09ecb

  • SHA512

    08f5694c330cc997d419e1b4df26fc9ed2a94f5976c216880f68f73af477774550a998def1bdad9a68ea9ab9e5359e3737efec4263e74ae11a49997887262522

  • SSDEEP

    6144:HM8d1/w5KA81IJ8GpF6nuTmOOUg3v5Cp+XAHf6dyvCMIdCtl9EJ2J5rZ:/jYKkJj6GmZUuv5CpRydyvtaCtlFBZ
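Before spending time on a sample, confirm that the file you pulled is the artifact the report describes, and check the packer signatures the report raises (UPX further down) with a direct look at the PE section table rather than trusting a label. The script below is an added example and not part of the sandbox report: it recomputes the report's hash set for a byte string, compares it to the values listed above, and walks the PE headers to spot stock UPX section names. The `build_fake_pe` helper and its section names are constructed here for illustration only; ssdeep is left out because it needs a third-party library.

```python
"""Added example, not part of the sandbox report: recompute the digests a
report lists for an artifact and compare them, then read the PE section
table to flag UPX-style packing the way a static signature would.
Sample inputs are constructed inline so the script runs offline."""
import hashlib
import struct
from typing import Dict, List

# Digests copied from the report's General section for the memory dump.
REPORTED_HASHES = {
    "md5": "89828fe76ac410515fecf5975e176e19",
    "sha1": "7271cf5b315ca52a798a1761b710088ca96fc351",
    "sha256": "a1c969d66ea4fe105a90f046b671491c34ba0981223367ea6e470a30a2b09ecb",
}

# Section names stock UPX writes. A modified UPX build may rename them,
# so a miss here is not proof that the file is unpacked.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute the hash set the report shows (minus ssdeep)."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def compare_hashes(data: bytes, reported: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match result. Any False means you are not holding
    the artifact the report describes."""
    actual = digest_bytes(data)
    return {alg: actual[alg] == expected.lower() for alg, expected in reported.items()}


def pe_section_names(data: bytes) -> List[bytes]:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the raw 8-byte section names with trailing NULs stripped."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)      # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * 40          # IMAGE_SECTION_HEADER is 40 bytes
        if off + 8 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Static heuristic matching what a 'UPX packed file' signature keys on."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_fake_pe(section_names: List[bytes]) -> bytes:
    """Constructed minimal PE image (assumption: stands in for a real sample).
    It carries just enough headers for the parser above and is not loadable."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: PE header right after DOS header
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0 here), Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + table


if __name__ == "__main__":
    packed = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("sections:", pe_section_names(packed), "upx:", looks_upx_packed(packed))
    print("matches report:", compare_hashes(packed, REPORTED_HASHES))
```

For a real run, read the downloaded dump with `open(path, "rb").read()` and pass it to `compare_hashes` and `looks_upx_packed`. Because the target here is a memory dump of a mapped image rather than a file from disk, section names survive only if the packer left the original headers in place, so treat a negative packer result as inconclusive and the hash comparison as the authoritative check.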

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • Target

      3188-1348-0x0000000000400000-0x0000000000470000-memory.dmp

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect.

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often read it from there.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and cookies.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
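The two "Reads user/profile data" signatures above are behavioural: they fire when a process opens the files where browsers and email clients keep credentials and session material. The script below is an added example, not part of the sandbox report or its rule set, that expresses that logic over file-access events. The event format, the credential-store path list and the sample events are assumptions constructed here for illustration; a production rule would also need a process allowlist, since a browser legitimately reads its own `Login Data`.

```python
"""Added example, not part of the sandbox report: the two "Reads user/profile
data" signatures written as detection logic over file-access events. The
event tuple format and the path list below are assumptions made for
illustration, not the sandbox's own rules."""
import re
from typing import Dict, List, Set, Tuple

Event = Tuple[int, str, str]   # (pid, operation, path); assumed event shape

# Illustrative on-disk stores an infostealer reads (assumption; extend per environment).
BROWSER_STORES = [
    r"\\Google\\Chrome\\User Data\\Local State$",        # DPAPI-wrapped key for the logins DB
    r"\\Google\\Chrome\\User Data\\.*\\Login Data$",     # saved logins (SQLite)
    r"\\Google\\Chrome\\User Data\\.*\\Cookies$",
    r"\\Microsoft\\Edge\\User Data\\.*\\Login Data$",
    r"\\Mozilla\\Firefox\\Profiles\\.*\\logins\.json$",  # Firefox saved logins
    r"\\Mozilla\\Firefox\\Profiles\\.*\\key4\.db$",      # key material needed to decrypt them
]
EMAIL_STORES = [
    r"\\Thunderbird\\Profiles\\.*\\logins\.json$",
    r"\\Thunderbird\\Profiles\\.*\\key4\.db$",
    r"\\Microsoft\\Outlook\\.*\.(pst|ost)$",
]
SIGNATURES = {
    "reads_web_browser_user_data": [re.compile(p, re.IGNORECASE) for p in BROWSER_STORES],
    "reads_email_client_user_data": [re.compile(p, re.IGNORECASE) for p in EMAIL_STORES],
}

# Constructed sample events standing in for a sandbox or EDR file-access trace.
SAMPLE_EVENTS: List[Event] = [
    (4242, "read", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State"),
    (4242, "read", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4242, "read", r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default-release\logins.json"),
    (4242, "read", r"C:\Users\alice\AppData\Roaming\Thunderbird\Profiles\a9b8c7.default\logins.json"),
    (4242, "write", r"C:\Users\alice\AppData\Local\Temp\stage.tmp"),
    (1200, "read", r"C:\Windows\System32\kernel32.dll"),
    (3100, "read", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),  # e.g. the browser itself
]


def match_signatures(events: List[Event]) -> Dict[str, List[Tuple[int, str]]]:
    """Return, per signature, the (pid, path) pairs that triggered it.
    Only read operations count; writes and deletes are a different behaviour."""
    hits: Dict[str, List[Tuple[int, str]]] = {name: [] for name in SIGNATURES}
    for pid, op, path in events:
        if op != "read":
            continue
        for name, patterns in SIGNATURES.items():
            if any(p.search(path) for p in patterns):
                hits[name].append((pid, path))
    return {name: matched for name, matched in hits.items() if matched}


def suspicious_pids(events: List[Event], min_signatures: int = 2) -> Set[int]:
    """PIDs that tripped at least `min_signatures` distinct signatures.
    A single browser-store read is often the browser itself; a process that
    reads browser *and* email stores is the infostealer pattern."""
    per_pid: Dict[int, Set[str]] = {}
    for name, matched in match_signatures(events).items():
        for pid, _ in matched:
            per_pid.setdefault(pid, set()).add(name)
    return {pid for pid, names in per_pid.items() if len(names) >= min_signatures}


if __name__ == "__main__":
    for name, matched in match_signatures(SAMPLE_EVENTS).items():
        print(name)
        for pid, path in matched:
            print(f"  pid {pid}: {path}")
    print("suspicious:", sorted(suspicious_pids(SAMPLE_EVENTS)))
```

On the constructed trace the browser signature fires for two processes, but only pid 4242 also reads an email client store, so it is the one `suspicious_pids` returns; that cross-signature correlation is what separates a stealer from a browser opening its own profile.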

MITRE ATT&CK Enterprise v15

Tasks