General

  • Target: 03042025_0913_01042025_e-dekont 02.04.2025.uue
  • Size: 960KB
  • Sample: 250403-k61gfswrs2
  • MD5: 40d00c5609e5ad775665b6955517d807
  • SHA1: 12d7fcd265422aefcae506573c4699fa143a11f0
  • SHA256: 54f2d94e0187df9dd93790685a539fb748c44dc22c6869d47512d4d43694d3ad
  • SHA512: 1320360ce1da046c02ce0c8fbf73d51c5899a3c7a41ac6736f068812ec53af49c5a3ca5d9cd06624cfa54969227d3d36c51a67bc7c13b5365a964d7a6aa28c8d
  • SSDEEP: 24576:0IsHm540mqVEOLgrXa7gWgjw8EjgFfbz+8oqeXAUEP7U/XZHW/M:0IKJlqXWEYEefbMdA1Y8/M

Malware Config

Extracted

  • Family: darkcloud
  • Attributes

Targets

    • Target: e-dekont – 02.04.2025.exe
    • Size: 976KB
    • MD5: dc219b6f4c32a80c24f2e4e35f668bb4
    • SHA1: 25db317d7619f446312723f21fbfafba482734f3
    • SHA256: 8f08477a7d22a869fb074f6fd5a3d6fcb7a0f2c6edd1a98a15efa9d04b07acc6
    • SHA512: c31b12bc2c5807ec8c6abf534cc610234e318aed5eab585f29384b5b400f99b002fe73ed8703d882f5ebe676db6330a3af6fe307dd6897a57838062b645a38ca
    • SSDEEP: 24576:BhFi0ERYgjc4gJ1mQbAGBGkkULtts9eCvJwC:Xw0vD1fA2GapSp/

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: Spastisk.Mon
    • Size: 54KB
    • MD5: 0dd6bde75f23f98b72d3aa40fa3b61e8
    • SHA1: c148b04d809c5d9e39b13f50356d7d41abe81f20
    • SHA256: 02e687ed7dc28b91cc89eb4189edf3554d953ea674950a6a62a80fac38c6ffe9
    • SHA512: a7da969581dc282dbfcaaa45b70ebadfe53b1a458bf07458f9a509fe25866e6b84af7cdde3b8e67a89b9159774559c11bd9735c6f57af176466ead337f149809
    • SSDEEP: 768:YAbS43HRDKDBF4kkcPqv47XwBCt6tX5SlMFw3dwzaUu9KinB9l9q196A+JK/CJdD:YAbS43sfkgds4BMS3Kq9KCB9lon654A

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks