General

  • Target

    cb2d711304377c0cf637d497ffea41f9ed0b31a907be15df53f369b7a6974327.exe

  • Size

    1.3MB

  • Sample

    250311-fj2zjsslt7

  • MD5

    57e9a6b2f9b226c04d6e5843da5dfcd2

  • SHA1

    0b051574e6bdf3810a30a2c239f0c3b44ee63e6e

  • SHA256

    cb2d711304377c0cf637d497ffea41f9ed0b31a907be15df53f369b7a6974327

  • SHA512

    65272f661c733ea423fc895d3f1a37d4476dccde506de1411267f4ac8ffcf1c001b5a1cf906d109369de055724cc82b9d6f08efc7716558ea7c7dde3ce64b8ce

  • SSDEEP

    24576:0u6J33O0c+JY5UZ+XC0kGso6FaWYysVPDWKH4scs3WY:Ou0c++OCvkGs9FafPDWKYlvY

Malware Config

Extracted

Family

darkcloud

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.dorasanat.com.tr
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    K0BRhY6s,&aN

Targets

    • Target

      cb2d711304377c0cf637d497ffea41f9ed0b31a907be15df53f369b7a6974327.exe

    • Size

      1.3MB

    • MD5

      57e9a6b2f9b226c04d6e5843da5dfcd2

    • SHA1

      0b051574e6bdf3810a30a2c239f0c3b44ee63e6e

    • SHA256

      cb2d711304377c0cf637d497ffea41f9ed0b31a907be15df53f369b7a6974327

    • SHA512

      65272f661c733ea423fc895d3f1a37d4476dccde506de1411267f4ac8ffcf1c001b5a1cf906d109369de055724cc82b9d6f08efc7716558ea7c7dde3ce64b8ce

    • SSDEEP

      24576:0u6J33O0c+JY5UZ+XC0kGso6FaWYysVPDWKH4scs3WY:Ou0c++OCvkGs9FafPDWKYlvY

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks