General

  • Target: INVOICE-0987656700900.bat.exe
  • Size: 1.3MB
  • Sample: 250430-jr73bafr4v
  • MD5: 2e7f005519b7cedf3d66bdea8175faa4
  • SHA1: e18c62aca37fd81d4f122778ee2dff682ae6ab5c
  • SHA256: 26c54155fb74ee661b99ed139707a8d44dab95937e8bd549744289b17b2f8424
  • SHA512: 37d3338c5e8104c72a0e68dc983063efb1237ee8f93b34130dd8a05e3f1af0484fb9b0242075daafad1bd98d590f691279474777b5f23fe0ebc4793cf2d5c162
  • SSDEEP: 24576:Ttb20pkaCqT5TBWgNQ7aNDFiO/HQBsrIkasaSH6A:QVg5tQ7aNvOsrIk5a05

Malware Config

Extracted

Family: darkcloud

Attributes

Targets

    • Target: INVOICE-0987656700900.bat.exe

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Drops startup file

    • Executes dropped EXE

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks