General

  • Target

    99e56015a213e62d7ef8be81eb267702c743fb8e736950731e573fb96941bf97.exe

  • Size

    1.3MB

  • Sample

    250311-esdgwa1yb1

  • MD5

    c57914b63256088cb216b002d0cfcb33

  • SHA1

    c1d20451b8cbb0ee1da1ce42ff45deced2982838

  • SHA256

    99e56015a213e62d7ef8be81eb267702c743fb8e736950731e573fb96941bf97

  • SHA512

    1028e08b7b9705ac58a9d09a91bfe8c26a77e9b2b132dc3db87d98044d3f898db7ef03e9a3ad677f44909766ca4b7d449248143b6dcf3c79a33b7fe1b6b7aeaf

  • SSDEEP

    24576:Xu6J33O0c+JY5UZ+XC0kGso6Fa2/spmZvWDBNuotiDWY:xu0c++OCvkGs9Fa2/spIvWlNuoXY

Malware Config

Extracted

Family

darkcloud

Credentials

  • Protocol:
    ftp
  • Host:
    @StrFtpServer
  • Port:
    21
  • Username:
    @StrFtpUser
  • Password:
    @StrFtpPass

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks