General

  • Target

    PO2504-0030.AT[WACKER NG 00425]_pdf.exe

  • Size

    785KB

  • Sample

    250506-kw8ebabq5z

  • MD5

    3ec02c4ab1a94189accaf79d1301c6c2

  • SHA1

    93fab5407c8985e06c40d6e9968a7db90d3ffa93

  • SHA256

    860f5000f33f99fbbbaac59c2f8e5ebde5af285c92f851f11e203a2c6bf55c38

  • SHA512

    91126a0855009ff55b858f4930869f09c6139727049f74fbdab1cb9f444747ee611d95a900635cd7624df19a894d841bd4fdfec34054f07cfa2f066fb6a5660e

  • SSDEEP

    12288:eI8md7NV6P6NL9Eei2Uyds7dH+maPXSjUdUKIwbkupDrs3r15O:/d7NV6P1p2U7hSP9xI2Y3rC

Malware Config

Targets

    • Target

      PO2504-0030.AT[WACKER NG 00425]_pdf.exe


    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      143e45d5929ba564ba0c3a0773be76e6

    • SHA1

      c7e108ad681dd19afc646a43f7ce757388653f57

    • SHA256

      8459feb67b7eb0caaaed607e0f36c8d4979abf1bad87e7f1c7c2b97c73174d6d

    • SHA512

      1114403b9af202396ffe32610e1160313ff22c488f87b4a8f771d14fda02a954af7beacad5655143dafdf0af9a76b2a0d5c121ef57819e0567c367578482f003

    • SSDEEP

      96:T7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkN238:0N8KgWAuLWxD8ZAGgmkN

    • Score

      3/10

MITRE ATT&CK Enterprise v16
