General

  • Target

    Bank Slip Confirmation REF090987654339973542007- 5 25_pdf.exe

  • Size

    1.1MB

  • Sample

    250508-kl8bkaztds

  • MD5

    bcff74aef17804f9b603ef711d25e8a6

  • SHA1

    019c5fbbe8b8df41dab98549fd20f61f51e08c4c

  • SHA256

    93479144093f3a0466dace3e7de79ae3c10c6ba4d2cd56b0b6ded961b7229fca

  • SHA512

    b2206deb91d8cc146f855a0412b43bdccdfcb5a53068c100082e67a8d97b422d6a805e0e569db24c719c31f82297541267c9b9ae20cf920d3042976aee7953e8

  • SSDEEP

    24576:BhWj39Ff5nj9pShvS/TUnDGGE0sWoEkwwwJCjA7fYo7IL1:XWj3fBnj9pS1SLIvZD5JCjwfS

Malware Config

Targets

    • Target

      Bank Slip Confirmation REF090987654339973542007- 5 25_pdf.exe

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with a hidden display window.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      7KB

    • MD5

      84bcbefa5fe3d82647a15f135f22fb2a

    • SHA1

      7c23a0c1a8b185f5af456dafa63a3c1207d8c1dc

    • SHA256

      14ebfa0711b48ec748b6e4985db4b99a827996ae44b28122d16f14d0d0f51bb6

    • SHA512

      c0e4ca46be6892b2cec77992e809897bcb768e3436d9bd81e4f84f4f1da9ef123ae902783147d263ac8019c732f131654694ad4105888c1f310c7bce8844b7dd

    • SSDEEP

      96:0Vl/7KOuFlKHMpXGu8FX6eT3sQk1u2QmIG4fa9IJ4V:0Vl+hSs2u85TTHkZQmgy9I0

    Score
    3/10

MITRE ATT&CK Enterprise v16

Tasks