General

  • Target

    ProformInvoice_2363849011063-2025_pdf.exe

  • Size

    772KB

  • Sample

    250430-jkg8bafp9x

  • MD5

    e37f0ffcb44b1b2b05eef448a9cb8aa3

  • SHA1

    f54e439a71218fc07e24ecb9cafff1801557010f

  • SHA256

    3203248b0e3c24c60bf93b4ddd4f17459da05376cb28314f97c20e11fa66348b

  • SHA512

    8ec27e949cfae5c48139d6a9364adfec5504c3ef57989256c26c716e530dee6cea8ad486ad0a8db736db860af12d9a826c1aaa037ffd86e3d4d1bc8a8117445e

  • SSDEEP

    12288:eI8md7NV67Dibs9DNg6y9qDBBD0vpiq9RQYKYDq5El2o8EhCcMNs3r15t:/d7NV6ymNAqT00iQ5YDqe8EhB93rp

Targets

    • Target

      ProformInvoice_2363849011063-2025_pdf.exe

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      143e45d5929ba564ba0c3a0773be76e6

    • SHA1

      c7e108ad681dd19afc646a43f7ce757388653f57

    • SHA256

      8459feb67b7eb0caaaed607e0f36c8d4979abf1bad87e7f1c7c2b97c73174d6d

    • SHA512

      1114403b9af202396ffe32610e1160313ff22c488f87b4a8f771d14fda02a954af7beacad5655143dafdf0af9a76b2a0d5c121ef57819e0567c367578482f003

    • SSDEEP

      96:T7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkN238:0N8KgWAuLWxD8ZAGgmkN

    Score: 3/10
