General

  • Target

    957bf5b5dfb56a3e4c39e4ed64eabec268ec48d540d58f598b43d296280ff987.exe

  • Size

    990KB

  • Sample

    250311-eqvnda1js7

  • MD5

    1d4111190469b688a89df3cb76e52a6f

  • SHA1

    2b89237cf1d8b8878a87d664f86865408c75ca17

  • SHA256

    957bf5b5dfb56a3e4c39e4ed64eabec268ec48d540d58f598b43d296280ff987

  • SHA512

    9f09d8629dddc400d98bd5ec7bb5e69bf548f429502a0afd25d6966847327e5624f65b95d4c634ef50ff7f9ca60c7b5d20fede1916df2904577fc07e9f2028bb

  • SSDEEP

    24576:aF30LYVBJabjYhFMrc1t37/QIHuEkn6tEPUYqpZJ1Ft:a1VDabjOMof3bQ5Ekn2mURPF

Malware Config

Extracted

Family

darkcloud

Credentials

  • Protocol:
    ftp
  • Port:
    21

Targets

    • Target

      957bf5b5dfb56a3e4c39e4ed64eabec268ec48d540d58f598b43d296280ff987.exe

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks