General

  • Target

    1fdc7b5d02e75ec173b96a3b273f755746b42b9b61c109e868fdbccce41eb70a

  • Size

    831KB

  • Sample

    250501-tzclgsdq2x

  • MD5

    9f87c3d5b544cdbc6eaa4f6464c55742

  • SHA1

    5d405b72a1867bc49080f0df3bb00f7d2685481d

  • SHA256

    1fdc7b5d02e75ec173b96a3b273f755746b42b9b61c109e868fdbccce41eb70a

  • SHA512

    e660c0673013fcac6029afa00b17650db026d37119ea041cc81f01f20a9a74bbb03ddcfd53bc6037263fe2ec61b2e247ed1df26516fb23758c94217c6563dc41

  • SSDEEP

    12288:M978JbBC1zyAKC051BOrSeZLWTK1pMWzOxLpjfQTVM9xlpPFw2xjaCTurGRghAdv:xJbBGkBOWe1oK1pMbVdoTVsxfPpyr6f

Malware Config

Targets

    • Target

      1fdc7b5d02e75ec173b96a3b273f755746b42b9b61c109e868fdbccce41eb70a

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks