General

  • Target

    5ec655a308e7c2dce76053b973c4777e261ce215a17e199870b5662250b6bde6.exe

  • Size

    1.2MB

  • Sample

    250311-dxv22syqw7

  • MD5

    a77f98389fc9db96f0e05c51a4810877

  • SHA1

    a0203ecaea3cef231365f09eda26bcb3514fe8eb

  • SHA256

    5ec655a308e7c2dce76053b973c4777e261ce215a17e199870b5662250b6bde6

  • SHA512

    abc7c6bed24ac29bded04d3932d8f8f62c41b0554a061bbe0a4794f4376677be85ab43b2d19791f61ec10d66b5618e6c786c548204225280d5adf52568d063aa

  • SSDEEP

    24576:iu6J33O0c+JY5UZ+XC0kGso6FaNggG4L/vAfDWY:Eu0c++OCvkGs9FaNggJ/vdY

Malware Config

Extracted

Family

darkcloud

Credentials

  • Protocol:
    ftp
  • Host:
    @StrFtpServer
  • Port:
    21
  • Username:
    @StrFtpUser
  • Password:
    @StrFtpPass

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks