General

  • Target

    01052025_0659_29042025_RFQ_H8930-NTB650-MATERIALS-PDF (2).zip

  • Size

    778KB

  • Sample

    250501-hsld9sgl9t

  • MD5

    4c064072acec03828197584c44009e1e

  • SHA1

    c8284344f31205ab93c836320cfc44b57b32b416

  • SHA256

    32a635104f2a6da02b4b12bbb96aaaa5d6ae1c80ebc17e9a3717bda286e7d3e9

  • SHA512

    b4186b541aa0dda646a20b360b0a49ed01ae565e8650a84d8abf524af705e539213123781570379670fb9b3c0af1702583feb1901c5b2444f2926be59cd94368

  • SSDEEP

    24576:3ypc2e3o850/kKLILNDKwBws5/FDL1Ww7pVJCamuWUn:3EcfYo0/ksuNDKwBwspF3ww1C7uWUn

Malware Config (Extracted)

  • Family

    darkcloud

Credentials

  • Protocol: ftp
  • Host: ftp.mailo.com
  • Port: 21
  • Username: [email protected]
  • Password: london@1759

Targets

    • Target

      RFQ_H8930-NTB650-MATERIALS-PDF.com

    • Size

      1.2MB

    • MD5

      3efc2bcb6ebfac2c3ce51599e0f70154

    • SHA1

      b64a88abffa398f17a52a144294740b4529ffe71

    • SHA256

      95944428ef26b5837521a903afb6fe771e33f6f489829e81c012129d0bbd2751

    • SHA512

      43888ebedb92c14676ed82a1da8130ca61a7755f2890f102f9b37863e430d47285671f46ac9c0595314fb9cbb528ed6ecb7b1d7174606c4fb10f9ab706462e8b

    • SSDEEP

      24576:htb20pkaCqT5TBWgNQ7aJhraFTL1ewx5V7wsmuBk9N6A:yVg5tQ7aJhraFHkwVwtuWT5

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Drops startup file

    • Executes dropped EXE

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16