General

  • Target

    1208-0-0x0000000000400000-0x0000000000458000-memory.dmp

  • Size

    352KB

  • Sample

    250402-d63s9az1bw

  • MD5

    9c575048bf319873dc165a1fb8e2bd8c

  • SHA1

    d24dba62869b15cbda0c8ff1a5d5a8412a2c313c

  • SHA256

    1d7ed4fc898492ec227a2842a7086dcccad42588dd08452903a99b76638104c5

  • SHA512

    1ef30bea354f8427adc540ff790d3b1ed6ffa7117747fe2f93ace41b5380fd18718ea6bf607a4958a391ea1a4ae9ff28de337dd6566245bbe468de8edbd8973e

  • SSDEEP

    6144:O8d1/w5KA81IJ8GpF6nuTmOOUmEZq6BoIW6rN07yZ3zBJ0em:djYKkJj6GmZULZq6Y6u7yZjr

Malware Config

Extracted

Family

darkcloud

Credentials

  • Protocol:
    ftp
  • Host:
    @StrFtpServer
  • Port:
    21
  • Username:
    @StrFtpUser
  • Password:
    @StrFtpPass

  Note: the Host, Username and Password fields contain symbolic names (@StrFtpServer, @StrFtpUser, @StrFtpPass) rather than resolved values, so this block gives no usable exfiltration-server indicator. Only the protocol (FTP) and port (21) are concrete.

Targets

    • Target

      1208-0-0x0000000000400000-0x0000000000458000-memory.dmp

    • Reads user/profile data of local email clients

      Email clients store account settings and saved credentials on disk, where infostealers commonly harvest them.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials and session data.
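The two signatures above describe file reads against browser and mail-client profile stores. The following detection logic is an added example, not part of the sandbox report or the DarkCloud sample: it runs over a constructed, simplified file-access log (PID, process image, target path per line) and flags any process other than the browser or mail client that owns a credential store reading it. The store paths are the well-known default locations for Chromium-based browsers, Firefox and Thunderbird; the report itself does not list which files this sample touched, and the process name update.exe and the log lines are constructed for illustration.

```python
"""Flag processes other than the owning browser/mail client that read
credential stores.  Added example; input is a constructed, simplified
file-access log ("<pid>|<image path>|<target path>" per line), standing in
for Sysmon or EDR file-read telemetry."""
import re
from dataclasses import dataclass

# Well-known default credential-store locations (assumption: default profile
# layout; the report does not say which files the sample actually read).
STORE_PATTERNS = {
    "browser": [
        re.compile(r"\\(google\\chrome|microsoft\\edge|bravesoftware\\brave-browser)"
                   r"\\user data\\.*\\(login data|cookies|web data)$", re.I),
        re.compile(r"\\mozilla\\firefox\\profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$", re.I),
    ],
    "email": [
        re.compile(r"\\thunderbird\\profiles\\.*\\(logins\.json|key4\.db)$", re.I),
    ],
}

# Processes that legitimately read each category of store.
LEGIT_READERS = {
    "browser": {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"},
    "email": {"thunderbird.exe"},
}


@dataclass(frozen=True)
class Alert:
    process: str
    pid: int
    category: str
    path: str


def classify(path: str):
    """Return the store category a path belongs to, or None."""
    for category, patterns in STORE_PATTERNS.items():
        if any(p.search(path) for p in patterns):
            return category
    return None


def parse_line(line: str):
    """Split one constructed log line into (pid, image basename, target path)."""
    pid, image, target = line.split("|", 2)
    return int(pid), image.rsplit("\\", 1)[-1].lower(), target


def find_suspicious(lines):
    """Alert on every read of a credential store by a non-owning process."""
    alerts = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        pid, image, target = parse_line(line)
        category = classify(target)
        if category and image not in LEGIT_READERS[category]:
            alerts.append(Alert(image, pid, category, target))
    return alerts


# Constructed sample log: one legitimate Chrome read, then a hypothetical
# stealer (update.exe, PID 1208) reading Chrome and Thunderbird stores plus
# an unrelated document.
SAMPLE_LOG = """\
4412|C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
1208|C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe|C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
1208|C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe|C:\\Users\\alice\\AppData\\Roaming\\Thunderbird\\Profiles\\x7k2.default\\logins.json
1208|C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe|C:\\Users\\alice\\Documents\\notes.txt
"""

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG.splitlines()):
        print(f"{alert.process} (pid {alert.pid}) read {alert.category} store: {alert.path}")
```

Running the block against the constructed log yields two alerts, both for update.exe: one browser store and one email store. The legitimate Chrome read and the unrelated document produce nothing. In real telemetry the process allowlist should be keyed on signed image path rather than basename, since a stealer can trivially name itself chrome.exe.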

MITRE ATT&CK Enterprise v15

Tasks