General

  • Target: 4148-1349-0x0000000000400000-0x0000000000459000-memory.dmp
  • Size: 356KB
  • Sample: 250310-stz9xsztgt
  • MD5: 678049307793876038f99adff282cbd5
  • SHA1: 9cf379b1ef3cfde6ae50979680fea73f75884a6d
  • SHA256: 3fdadabf429ff73d7db56beb160577286363078b69806680c2986ed6a05e21c8
  • SHA512: 70c6a97f6b590c74978411082a388c636b254a4a4a6028dfda14e6c25f074d9e158a078964df0a3c4f42761f14aef375216d85c2ed966f0fc9786213fb7a2fe2
  • SSDEEP: 6144:r8d1/w5KA81IJ8GpF6nuTmOOUQA1xCJvPkCDrnlwyvvW/zYOV9I:wjYKkJj6GmZUQMxCJ5DRwyvurtV6

Malware Config

Extracted

Family

darkcloud

Credentials

  • Protocol: ftp
  • Host: @StrFtpServer
  • Port: 21
  • Username: @StrFtpUser
  • Password: @StrFtpPass

Targets

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

MITRE ATT&CK Enterprise v15

Tasks