General

  • Target

    prueba de transferencia.exe

  • Size

    834KB

  • Sample

    250506-kw81vabq6z

  • MD5

    cfd18d0625e716250154afd01a5880f9

  • SHA1

    1b1a7980bea442900bf1689b64c5f8a22f09600c

  • SHA256

    84ef5724bd0bd779f27a286cac2673abcbca0e2c14f7a61d850656b8a38beda6

  • SHA512

    a533a8ce33cebd249de46f2f98c5c057932f1da0c14265b3e5298dd742bd50c310da215d2b279b27358075ce68fbe6f08d386ff87754a2b82da09a257f4e7f33

  • SSDEEP

    24576:ZsqPXIFy20lEPFLqg72dOcBBw91DjhCZ:ZBXIQrJgSbQdj

Malware Config

Targets

    • Target

      prueba de transferencia.exe

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so that dropped payloads are not scanned.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Suspicious use of SetThreadContext

      SetThreadContext is used to redirect a suspended thread to injected code, a common step in process hollowing and other injection techniques.
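
The Defender-exclusion behaviour is the one a responder can act on directly. The following PowerShell script is an added example, not part of the Triage report and not the sample's own code: run elevated on a host where the sample executed, it lists the exclusions Defender currently honours, pulls the Event ID 5007 configuration-change records that show when each exclusion was added, and searches PowerShell script block logs (Event ID 4104) for the Add-MpPreference call that created them. It assumes Defender is the active engine and that script block logging is enabled; the -LookbackHours and -Remove parameters are my own.

```powershell
# Added example: triage Windows Defender exclusions after an infostealer ran.
# Assumes Defender is the active AV and script block logging is enabled.
param(
    [int]$LookbackHours = 24,   # how far back to search the event logs
    [switch]$Remove             # strip all exclusions after review
)

$since = (Get-Date).AddHours(-$LookbackHours)

# 1. Current exclusions as Defender reports them
$pref = Get-MpPreference
$current = [ordered]@{
    Path      = @($pref.ExclusionPath      | Where-Object { $_ })
    Extension = @($pref.ExclusionExtension | Where-Object { $_ })
    Process   = @($pref.ExclusionProcess   | Where-Object { $_ })
}
"== Current exclusions =="
foreach ($kind in $current.Keys) {
    foreach ($v in $current[$kind]) { "{0,-10} {1}" -f $kind, $v }
}

# 2. When they were added: Defender logs every configuration change as Event ID 5007
"== Exclusion changes since $since (Event ID 5007) =="
$changes = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5007
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Exclusions\\(Paths|Extensions|Processes)' }
foreach ($e in $changes) {
    # The message carries the registry value that changed, e.g.
    # "New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\x\AppData = 0x0"
    $line = ($e.Message -split "`r?`n" | Where-Object { $_ -match 'New value' }) -join ' '
    "{0:u}  {1}" -f $e.TimeCreated, $line
}

# 3. Who added them: script block logging captures the Add-MpPreference call itself.
#    Properties[2] of a 4104 record is the ScriptBlockText.
"== PowerShell script blocks touching Defender preferences (Event ID 4104) =="
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[2].Value -match 'Add-MpPreference|Set-MpPreference|DisableRealtimeMonitoring' } |
    ForEach-Object { "{0:u}  {1}" -f $_.TimeCreated, ($_.Properties[2].Value -replace '\s+', ' ') }

# 4. Optional cleanup. Only use after reviewing the list above: legitimate software
#    (backup agents, developer tools) may have added some of these exclusions.
if ($Remove) {
    if ($current.Path)      { Remove-MpPreference -ExclusionPath      $current.Path }
    if ($current.Extension) { Remove-MpPreference -ExclusionExtension $current.Extension }
    if ($current.Process)   { Remove-MpPreference -ExclusionProcess   $current.Process }
    "Exclusions removed; re-run without -Remove to confirm the lists are empty."
}
```

Run it first without -Remove and compare the 5007 timestamps against the sample's execution time; an exclusion whose creation coincides with the infection and whose path points into the user's profile (AppData, Temp) is the one to remove. If script block logging was off, step 3 returns nothing and the 5007 records and Defender's own MpCmdRun logs are what remain.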

MITRE ATT&CK Enterprise v16