General

  • Target

    ENQ186 OI REQUIRE RATE.exe

  • Size

    1.5MB

  • Sample

    250506-kwmslszps5

  • MD5

    2d5c065b605b63b75ba8bee67b8fff1f

  • SHA1

    b2670fe0ac0a5b757347ebda4084b6d08d932123

  • SHA256

    20ca1aaef6f9dad1f41dbb5005ffbc0c99ff774ece236b1816689a5a2f253796

  • SHA512

    c9641c847ff3d44bc944e0e74b0cbacf5b6a942669955f327d7acd19354733d97432ae12356a82a8d9ad884b0627c9acddc8d082f77894b6a0f8893131690570

  • SSDEEP

    24576:finnHY6yPlUu3hmDIEj4wenTao6CDa0YmLRIONpaTYC1E9WBz3e0eUAcsF+wN:SyPlUEccEj4wWfDSmaLhgUi0EFB

Malware Config

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks