Overview

overview

10

Static

static

3

PRICE DOCUMENT.exe

windows10-2004-x64

10

PRICE DOCUMENT.exe

windows11-21h2-x64

10

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    17042025_0834_PRICE DOCUMENT.exe.rar

  • Size

    714KB

  • Sample

    250417-kgjgmsvls2

  • MD5

    20644b68e7b72efa898016f318d6b897

  • SHA1

    a3c38ef9e756e9811d6a8158ddd10f5a2990affc

  • SHA256

    0c1172de36ebda969914314e4c09bfd910d398cda2952a75413db36a7f18d3fb

  • SHA512

    e7f8c4d63d83167a7e1f72c5ba684f5a8c3307c00d0c900d9768db2acda37d15ef4777272b2ef34c8fddf6a830aeee9da27835202a03e0b3057f2aa9384e36de

  • SSDEEP

    12288:PXNAKHeXLfAdCurqMtZGtRz/qI+FLtxBU6dq5YktjLJWFbqSIpY/rF5UoaiHlBva:PXNAK89PlbzqLbSOq5zGGirwVqlc

Score
10/10
darkcloudguloaderdiscoverydownloaderspywarestealer

Malware Config

Targets

    • Target

      PRICE DOCUMENT.exe

    • Size

      741KB

    • MD5

      cbd2adf469c63fc4dc5c324b8185fc65

    • SHA1

      8207dfb884f8eebc1dace7fb3fb61de0a824b45b

    • SHA256

      69b5131e236cf15dc4ccb40c937ea0aa077d6b50c1bf05430a65f1999b5bb0e9

    • SHA512

      5638b5ed3ecb7647a8c7bddaff10dcbef5d4aed9370c288f6e3d513e6f5b7d3057275f1ec820efcabf53cdf8b1c061743d6ee29e7f72785b06becf87cee9516f

    • SSDEEP

      12288:jGYhNEFqmqt0xdOZC6m4/OUFL8u/0tTB/F9bomOvnEKELo2HT1lDAY6NhOdz:jGYXu80gZCTWFkNFZKvnVi5hA3Odz

    Score
    10/10
    darkcloudguloaderdiscoverydownloaderspywarestealer

    • DarkCloud

      An information stealer written in Visual Basic.

      stealerdarkcloud

    • Darkcloud family

      darkcloud

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      6f5257c0b8c0ef4d440f4f4fce85fb1b

    • SHA1

      b6ac111dfb0d1fc75ad09c56bde7830232395785

    • SHA256

      b7ccb923387cc346731471b20fc3df1ead13ec8c2e3147353c71bb0bd59bc8b1

    • SHA512

      a3cc27f1efb52fb8ecda54a7c36ada39cefeabb7b16f2112303ea463b0e1a4d745198d413eebb3551e012c84a20dcdf4359e511e51bc3f1a60b13f1e3bad1aa8

    • SSDEEP

      96:zPDYcJ+nx4vVp76JX7zBlkCg21Fxz4THxtrqw1at0JgwLEjo+OB3yUVCdl/wNj+y:zPtkuWJX7zB3kGwfy0nyUVsxCjOM61u

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v16

Tasks