General

  • Target

    factura2.bat.exe

  • Size

    1.2MB

  • Sample

    250430-jr7rjsfr4s

  • MD5

    c50fdcc4cc84066a4fb5f942f099d91b

  • SHA1

    b728ec0f0e5f6e3e7baaddae55c9c70ec4c8180b

  • SHA256

    a02f3cec54ecc4c8ff49d15cd64e9d2cd1c00534e92c63b44a7f17f79c3ecdb6

  • SHA512

    fbd625ee9822649c7e30898a59f0ba918e5543c1829a2be4fe676547de298e368e452f3715ad3616ca58928fe51ebe3c38ef093c519b92fb9053954ef8211102

  • SSDEEP

    24576:Mtb20pkaCqT5TBWgNQ7a6pB2ak+m7hKwi7kNM3ym6A:1Vg5tQ7a632a4qfV5

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • Target

      factura2.bat.exe

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Drops startup file

    • Executes dropped EXE

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks