Overview

overview

10

Static

static

3

Factura M�...00.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Factura México-638300.exe

  • Size

    137KB

  • Sample

    250402-jpja6swnt9

  • MD5

    fc2d0d18e45e0ca745ed1957c1b79d9f

  • SHA1

    8361caecad41277a56d65bd0db2c13ba82c2d927

  • SHA256

    b24049d8feb9439b8946b6e1313a16dedfe9f479bf3e9fa9966952d0dbacbbdb

  • SHA512

    2e9e4c46b32f739ca247af485f48ec61ce54cfcd28111093838a0aa512d8eedb7c410ea7801793d0ac6422511030c59363c8803ccb287541b9d97aeed157c11f

  • SSDEEP

    3072:DoSJ/dMd0ku5SnUVCuGmejfBuddKTmDD911xlfrsZGvShTJDTk/:D7dMd0kubVCuGmejUqmN11UGvShT5k

Score
10/10
darkclouddiscoverystealer

Malware Config

Extracted

Family

darkcloud

Credentials

  • Protocol:     ftp
  • Host:
    @StrFtpServer
  • Port:
    21
  • Username:
    @StrFtpUser
  • Password:
    @StrFtpPass

Targets

    • Target

      Factura México-638300.exe

    • Size

      137KB

    • MD5

      fc2d0d18e45e0ca745ed1957c1b79d9f

    • SHA1

      8361caecad41277a56d65bd0db2c13ba82c2d927

    • SHA256

      b24049d8feb9439b8946b6e1313a16dedfe9f479bf3e9fa9966952d0dbacbbdb

    • SHA512

      2e9e4c46b32f739ca247af485f48ec61ce54cfcd28111093838a0aa512d8eedb7c410ea7801793d0ac6422511030c59363c8803ccb287541b9d97aeed157c11f

    • SSDEEP

      3072:DoSJ/dMd0ku5SnUVCuGmejfBuddKTmDD911xlfrsZGvShTJDTk/:D7dMd0kubVCuGmejUqmN11UGvShT5k

    Score
    10/10
    darkclouddiscoverystealer

    • DarkCloud

      An information stealer written in Visual Basic.

      stealerdarkcloud

    • Darkcloud family

      darkcloud

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks