Overview

overview

10

Static

static

5

DAS09876567800.exe

windows7-x64

10

DAS09876567800.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6ee52ddac88787c4a19e0badc1254b50bdc51581.zip.tar.gz

  • Size

    807KB

  • Sample

    250327-kwyj4sztas

  • MD5

    e0c6b84e1a8f05690df28a4a1f205efb

  • SHA1

    313aa5579458bf4264a4675581fb1ca380073601

  • SHA256

    5ad16f3e0933a719074d4d3c0fb9d3bda7a178729fcc506a8ba91ea725854c4a

  • SHA512

    3bff4829b2e602910e6e299a8f7124b876b255d9e862d8c36e9157b60b8c19fcc4ae1c9f91a233ff5277e5d196f77a8cc77acf913210dbf9dc70dd129aaab6f9

  • SSDEEP

    24576:iGSzFTmpsgtSY0jT23DttD81rlfbnQdWQ:uBmpjtGjT23D+bQdWQ

Score
10/10
darkclouddiscoverystealerupx

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • Target

      DAS09876567800.exe

    • Size

      1.3MB

    • MD5

      0dbeba5dd7585ab072cc0f15a95fd4ac

    • SHA1

      ab1f07574200224ee5ce206d923d6591b8456ff2

    • SHA256

      27b3117f8576dffaf9d057dd4bb67e1a521795518be5796c93a876d2e61d3af7

    • SHA512

      058327c3571bfbf811a37a5b48a55d4ee6b0e39f4c849ce52c5024da3e9833bbfd9c098fcba72ffa852d96df4f06c906acb0bc87f85672046b3033510e398611

    • SSDEEP

      24576:Iu6J33O0c+JY5UZ+XC0kGso6Fa7S47DyWqTY1GZdPyWt7l9WY:iu0c++OCvkGs9Fa7S4SWsyWlaY

    Score
    10/10
    darkclouddiscoverystealerupx

    • DarkCloud

      An information stealer written in Visual Basic.

      stealerdarkcloud

    • Darkcloud family

      darkcloud

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks