General

  • Target

    ĐƠN HÀNG A 2500533 - SUN PRINT (ORDER A 2500533 - SUN PRINT).exe

  • Size

    1.1MB

  • Sample

    250506-g55s1aak5t

  • MD5

    872c4691834b62c47c75dcfeaf76af3f

  • SHA1

    648570b30f388c3ca0979d4f0571d4d942220bd2

  • SHA256

    d5c15cfadbdeb50cd7e0e60f63c3d78f76b8a10f62a6940e02079b2ba10f832f

  • SHA512

    0b7672cd4fe14f57cfe7f991bfe6126a6323fcfbc4aff1f3b73372d87e4b4236d937e03a3d63c42453bc3a6e6480d3d9c5843dae60099a0792ceddcde2e1450b

  • SSDEEP

    24576:XaByL7hef9ii+WPlV62t6yHLkU1l8Xc3ogb1zs:XaTfsi+WPlgq6uy

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Suspicious use of SetThreadContext
