General

  • Target

    RE Purchase Order 45232429.exe

  • Size

    1.1MB

  • Sample

    250506-kw81vabq7t

  • MD5

    7c569d356c8d2d21bdd921fd9fa963a3

  • SHA1

    a0fb3f3407bdb93372943eb5058c2cb7891fed8d

  • SHA256

    ba241aac2ad9f5b875f55d54d04eb99026e80d9bcb7abcfc2142b86fc939aded

  • SHA512

    daa5fa28eb06c9f9aef596da350a21efed52182246963444b2608313839ebfb9ee84788a2e88ff9720b38ecb678901bdb5b754960d0122eb7a1655624f4c432a

  • SSDEEP

    24576:AlMPgS1rHBbVHKbzfO50wVSGjuS+3/TpqxVe4Tva+p9Yw:AlcBZ2fO50MPuZ/TAxI4Tvx2w
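
The hashes above are the report's file-level indicators. The following is an added example (not part of the sandbox report) showing how a responder would sweep a file or directory for this sample by computing all four digests in a single pass and comparing them against the IOC set; it matches on any algorithm, so a partial IOC list (for example only a SHA256 from a threat-intel feed) still works. The helper names and the sample byte strings are constructed for the example; only the digest values come from the report.

```python
import hashlib
from pathlib import Path

# Digest values copied from the "General" section of the report above.
REPORT_IOCS = {
    "md5": "7c569d356c8d2d21bdd921fd9fa963a3",
    "sha1": "a0fb3f3407bdb93372943eb5058c2cb7891fed8d",
    "sha256": "ba241aac2ad9f5b875f55d54d04eb99026e80d9bcb7abcfc2142b86fc939aded",
    "sha512": (
        "daa5fa28eb06c9f9aef596da350a21efed52182246963444b2608313839ebfb9"
        "ee84788a2e88ff9720b38ecb678901bdb5b754960d0122eb7a1655624f4c432a"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def _feed(hashers, chunks):
    """Push every chunk through every hasher; one pass over the data."""
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for an in-memory buffer."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    chunks = (data[i:i + chunk_size] for i in range(0, len(data), chunk_size))
    return _feed(hashers, chunks)


def hash_file(path, chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for a file, streamed so large files do not load into memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        return _feed(hashers, iter(lambda: fh.read(chunk_size), b""))


def match_iocs(digests, iocs=REPORT_IOCS):
    """Return the list of algorithms whose digest equals the IOC value.

    Comparison is case-insensitive so hashes pasted from different sources
    (upper-case feeds, lower-case sandbox output) still match. An empty list
    means the object is not the reported sample.
    """
    return [
        name
        for name in ALGORITHMS
        if name in iocs and digests.get(name, "").lower() == iocs[name].lower()
    ]


def sweep_directory(root, iocs=REPORT_IOCS):
    """Walk a directory tree and return {path: matched_algorithms} for every hit."""
    hits = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            matched = match_iocs(hash_file(path), iocs)
        except OSError:
            continue  # unreadable file (permissions, in-use); skip rather than abort the sweep
        if matched:
            hits[str(path)] = matched
    return hits


if __name__ == "__main__":
    import sys
    for hit, algos in sweep_directory(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"MATCH {hit} ({', '.join(algos)})")
```

Run it as `python sweep.py <directory>` on a suspect host or a quarantine share; a hit on any single algorithm is sufficient to confirm the file is byte-identical to the sample analysed here. Because the SSDEEP value in the report is a fuzzy hash, it is not included in the exact-match set; it needs the `ssdeep` library and a similarity threshold rather than equality.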

Malware Config

Targets

    • Target

      RE Purchase Order 45232429.exe

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the stealer stays dormant in excluded regions.

    • Drops startup file

      Writes a file into a Startup folder so the payload is relaunched at the next logon (persistence).

    • Suspicious use of SetThreadContext

      SetThreadContext on another process's thread typically indicates process hollowing or injection: a suspended process has its execution context redirected to injected code before it is resumed.

MITRE ATT&CK Enterprise v16

Tasks