Resubmissions

02/05/2025, 07:22

250502-h7dmzayxbz 10

General

  • Target

    VRT0099 Proforma Invoice_279000664115877399945_pdf.exe

  • Size

    800KB

  • Sample

    250502-h7dmzayxbz

  • MD5

    08edd99f0381763a31c89fdc50423973

  • SHA1

    3453360593b177da29a8b728387cf08f75c1b013

  • SHA256

    94acc0b0084416f9cbc108bd0e6cd8c914f98e1c002493e505c39d9f4af73a7a

  • SHA512

    0585b23cb964f043e556931e7b7cdc72dbc9abfc691a8295cd040370f5f0b98310d8471fbef9b87e7fa68551b8b00cd4f3c8d6394df76578da38b28ad566a15f

  • SSDEEP

    12288:kI8md7NV67bougzJxQChtO7GAXQbYKr270xhOAe62MoETjs3r153A:Fd7NV6gu6JC6AXQbZrOGOAeDKTg3rM

Malware Config

Targets

    • Target

      VRT0099 Proforma Invoice_279000664115877399945_pdf.exe

    • Size

      800KB

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Loads dropped DLL

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      143e45d5929ba564ba0c3a0773be76e6

    • SHA1

      c7e108ad681dd19afc646a43f7ce757388653f57

    • SHA256

      8459feb67b7eb0caaaed607e0f36c8d4979abf1bad87e7f1c7c2b97c73174d6d

    • SHA512

      1114403b9af202396ffe32610e1160313ff22c488f87b4a8f771d14fda02a954af7beacad5655143dafdf0af9a76b2a0d5c121ef57819e0567c367578482f003

    • SSDEEP

      96:T7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkN238:0N8KgWAuLWxD8ZAGgmkN

    Score: 3/10

MITRE ATT&CK Enterprise v16

Tasks