General

  • Target

    08052025_0142_06052025_Urgent Inquiry.pdf.txz

  • Size

    603KB

  • Sample

    250508-b4t28ayrt8

  • MD5

    355614a8adfed510b2c094dcdfd33d4d

  • SHA1

    1b07ad0772bfd55298124da7f4ba86f4ebe5406b

  • SHA256

    5887935c2890696501d664c20ed8b59b604800c017d748f543893ad8044c79ef

  • SHA512

    f21ab8992fb17bdca03720b89f42236d7e4db8ffd06599a3fe5ea2cc2468d8c72a3e853fefc8464b9146fc0bc828a7e25e408cf1a7c56799cecde5ba5bce16c8

  • SSDEEP

    12288:ZcwpyEhoq6d0kP1BG6/HwO0H0d1JbNSvNkVC6dxbJCjfglwPGU0f:Zchq5CJ/HwDgxNSlafd/2QP

Malware Config

Targets

    • Target

      Urgent Inquiry.pdf.exe

    • Size

      682KB

    • MD5

      a346d84d354b9671636a7c4d211c902d

    • SHA1

      a25533d33633c6c170f73a78c9a2cfce1042a0a9

    • SHA256

      78d3f4aa79f1212e0790aae90cf50d8cf757a76ff082b8be0360c0a7641721b9

    • SHA512

      5e3d7b10d5a021fd3d435a3bb4544091663741fc9bb1913283e30ba9821cb0d630da95039405c46e7cddac389fa8eacd03d7aaaf92c1b65ce7e636a54d4c8ace

    • SSDEEP

      12288:rEIzsB0Z2P8aeWGEOioqyO41wGN63RQ3D6mR3+oqfvJFyzIlAglGT:m0kP2WPOi4Oyw3YJ7YJFHAn

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      98bdb37511634dad8d1236d91d373b26

    • SHA1

      778cf74b4f8860cc378fa4e61aeba318197783ce

    • SHA256

      938580b466533dfa1461e9858fd106b60e1a52b713380915cc03afd3e4b4573c

    • SHA512

      5a7a903c2346750f20c0b41ceb6259bc7a5c9c6779acfeef94e0cea756aebabef58fdd83389353a165530279ec74ff20b903fc9a11acf475ef9471bd5e8d140e

    • SSDEEP

      96:CjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkND3m+s:nbogRtJzTlNR8qD85uGgmkNK

    Score
    3/10

MITRE ATT&CK Enterprise v16

Tasks