General

  • Target

    a2b63cfc83341df550a845c72da06bd762c4ddd556c4d5d65da204025decbc25.exe

  • Size

    11KB

  • Sample

    250311-exmw4s1k12

  • MD5

    df942e590f6b479bf347270f6821f684

  • SHA1

    b768dae42679ce201c7275a58a431284ac662bb3

  • SHA256

    a2b63cfc83341df550a845c72da06bd762c4ddd556c4d5d65da204025decbc25

  • SHA512

    6a353a22f65af28a074d4e8a712fab81774ba0421909a46b8a99d42765e1fc47adaa939bb5a3c6a6a9a001e57a493b972d9d8b3b96061e84a242a0729275c2ed

  • SSDEEP

    192:GYJoCeCH4rqYMGnZaWOj878Z9/kmak8GCC47UTabVI9n9wOIJ:GY2TCYTLnkv08nkmK3Zg+69wOI

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • Target

      a2b63cfc83341df550a845c72da06bd762c4ddd556c4d5d65da204025decbc25.exe

    • Size

      11KB

    • MD5

      df942e590f6b479bf347270f6821f684

    • SHA1

      b768dae42679ce201c7275a58a431284ac662bb3

    • SHA256

      a2b63cfc83341df550a845c72da06bd762c4ddd556c4d5d65da204025decbc25

    • SHA512

      6a353a22f65af28a074d4e8a712fab81774ba0421909a46b8a99d42765e1fc47adaa939bb5a3c6a6a9a001e57a493b972d9d8b3b96061e84a242a0729275c2ed

    • SSDEEP

      192:GYJoCeCH4rqYMGnZaWOj878Z9/kmak8GCC47UTabVI9n9wOIJ:GY2TCYTLnkv08nkmK3Zg+69wOI

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Suspicious use of SetThreadContext
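The report above gives four hashes for the sample and flags a startup-folder drop (the SetThreadContext and NtCreateUserProcessOtherParentProcess signatures point at process hollowing and parent-PID spoofing, which this helper does not cover). The script below is an added example, not code from the sandbox or from the report: it streams a local file through MD5/SHA-1/SHA-256/SHA-512, reports which of this report's indicators it matches, and classifies a file-creation path as a Startup-folder drop. The function names (`hash_file`, `match_iocs`, `is_startup_drop`) and the sample paths in the usage note are assumptions; the hashes are copied from the report. SSDEEP is omitted because the standard library has no fuzzy-hash implementation.

```python
"""Hash-IOC and startup-drop triage helper for the DarkCloud sample above.

Added example; the only report-derived data are the four hashes in
DARKCLOUD_SAMPLE. Everything else (function names, sample paths) is assumed.
"""
import hashlib
import sys
from pathlib import PureWindowsPath
from typing import Dict, Set

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Indicator set copied from the report's General section.
DARKCLOUD_SAMPLE: Dict[str, str] = {
    "md5": "df942e590f6b479bf347270f6821f684",
    "sha1": "b768dae42679ce201c7275a58a431284ac662bb3",
    "sha256": "a2b63cfc83341df550a845c72da06bd762c4ddd556c4d5d65da204025decbc25",
    "sha512": "6a353a22f65af28a074d4e8a712fab81774ba0421909a46b8a99d42765e1fc47adaa939bb5a3c6a6a9a001e57a493b972d9d8b3b96061e84a242a0729275c2ed",
}

# Both the per-user Startup folder (...\AppData\Roaming\...) and the all-users
# one (C:\ProgramData\...) end with this path tail; compared case-insensitively.
STARTUP_TAIL = "\\microsoft\\windows\\start menu\\programs\\startup\\"


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return lowercase hex digests of an in-memory buffer for all ALGORITHMS."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file once, streaming it in chunks so large samples do not sit in RAM."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def match_iocs(hashes: Dict[str, str], iocs: Dict[str, str] = DARKCLOUD_SAMPLE) -> Set[str]:
    """Return the set of algorithm names whose digest equals the indicator.

    An empty set means no match; a partial set (e.g. only "md5") would indicate
    a typo in one of the indicators or a deliberate collision and deserves a look.
    """
    return {
        name for name in ALGORITHMS
        if name in hashes and name in iocs and hashes[name].lower() == iocs[name].lower()
    }


def is_startup_drop(target_path: str) -> bool:
    """True when a created file lands directly in a Windows Startup folder.

    Accepts backslash or forward-slash paths; only the immediate parent directory
    is checked, so a file in a subfolder named 'Startup' elsewhere does not count.
    """
    parent = str(PureWindowsPath(target_path).parent).lower()
    return (parent + "\\").endswith(STARTUP_TAIL)


def main(argv) -> int:
    if len(argv) != 2:
        print(f"usage: {argv[0]} <file>", file=sys.stderr)
        return 2
    hashes = hash_file(argv[1])
    for name in ALGORITHMS:
        print(f"{name:7} {hashes[name]}")
    matched = match_iocs(hashes)
    if matched:
        print(f"MATCH: DarkCloud sample from report ({', '.join(sorted(matched))})")
        return 1
    print("no match against report indicators")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python triage.py suspect.exe` (assumed file name); a non-zero exit means at least one digest matched the report. For the startup check, feed it the `TargetFilename` of a file-creation event, e.g. `is_startup_drop(r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe")` returns True while the same file one directory up returns False.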

MITRE ATT&CK Enterprise v15

Tasks