General

  • Target

    SecuriteInfo.com.Win32.MalwareX-gen.28745.10293.exe

  • Size

    1.1MB

  • Sample

    250502-jbyhyaaj7y

  • MD5

    1ca173777978e4e73995138c57622954

  • SHA1

    62f77f8255a244824739a2af319941ae976981ce

  • SHA256

    8d071dcb45fd83eb7e8f6495d6e6588adfcd1febce528844281452e882bbf12d

  • SHA512

    e73741e212d3e6024634838da25581202fec087bbde3fd36e05194438bb85d5e4b1f3fd0e15b1fdecf8743bb401fc5c9fe7d8ad3605b3ad6150f53b6f4cc5f7c

  • SSDEEP

    24576:W+y+w+Ls4HywWyIlXK/8PtEQ8vBBU6WdMxeCx52Ov:WBFQs43wl6OE95BDWqxdx52

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendMessage?chat_id=6732456666

Targets

    • Target

      SecuriteInfo.com.Win32.MalwareX-gen.28745.10293.exe

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks