General

  • Target

    TT088541873- Proforma Invoice 2025_pdf.exe

  • Size

    764KB

  • Sample

    250430-kbw6jsxxds

  • MD5

    24db83f0de4c517db3660d7fefb6216c

  • SHA1

    86c79d69f13d3201b42316b6ba02a5150722349a

  • SHA256

    24f6470b79094f2308f48e09ba2814f33bba9b5383394a845c7d45098aedb435

  • SHA512

    2288ab63d1eef7086970f30d1f9f989a9ca77ca9cc7e438f23a58340c922141b84d80eccc8353dab0b367eba8acf0141844b37e0fb9f36a6a39ce0d63c009d82

  • SSDEEP

    12288:VI8md7NV6VWN1iWMgJ9q07pOvET+dC73xC2puHN/bH/Gs3r15q:6d7NV6VcMWrJ70vEl73X8HNTfT3rO

Malware Config

Targets

    • Target

      TT088541873- Proforma Invoice 2025_pdf.exe

    • DarkCloud

      An information stealer written in Visual Basic.

    • DarkCloud family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      143e45d5929ba564ba0c3a0773be76e6

    • SHA1

      c7e108ad681dd19afc646a43f7ce757388653f57

    • SHA256

      8459feb67b7eb0caaaed607e0f36c8d4979abf1bad87e7f1c7c2b97c73174d6d

    • SHA512

      1114403b9af202396ffe32610e1160313ff22c488f87b4a8f771d14fda02a954af7beacad5655143dafdf0af9a76b2a0d5c121ef57819e0567c367578482f003

    • SSDEEP

      96:T7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkN238:0N8KgWAuLWxD8ZAGgmkN

    Score
    3/10

MITRE ATT&CK Enterprise v16

Tasks