General

  • Target

    15b7bc9aa52f4c28a467fab63624ce32e5346985c2e5fe513dff4ca9a3427de6.exe

  • Size

    1.2MB

  • Sample

    250509-psm2estyhs

  • MD5

    bd0f1eebb3cc8ba3c690737c6fc042fd

  • SHA1

    4a67473a078b73df084345bcf6c7b8746530c5b9

  • SHA256

    15b7bc9aa52f4c28a467fab63624ce32e5346985c2e5fe513dff4ca9a3427de6

  • SHA512

    05ccf6b886359e20e384e82a77878632662a572ff2cfe3f2c79ecca95d3ea1f04c3d7c591119733bae80be1452dfb94b35a29af3d25915ca69253df263202fee

  • SSDEEP

    24576:hu6J33O0c+JY5UZ+XC0kGso6FaA0orSVD4ZcfAWY:zu0c++OCvkGs9FaAXqUZCY

Malware Config

Extracted

  • Family

    darkcloud

Targets

    • Target

      15b7bc9aa52f4c28a467fab63624ce32e5346985c2e5fe513dff4ca9a3427de6.exe

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Drops startup file

      Writes a file into a startup location so that it is launched again at logon (persistence).

    • Executes dropped EXE

      Launches an executable that the sample itself wrote to disk.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of another thread. Outside of a debugger this is typical of process hollowing (RunPE), where a suspended child process's entry point is redirected to injected code.
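The following is an added example, not part of the sandbox report, for checking a file on disk against the indicators above: it recomputes the four hashes and compares them with the values the report lists, does a cheap PE header check, and looks for the marker that the AutoIt3 compiler embeds in every compiled script (the string most "AutoIT Executable" YARA rules key on). The sample bytes at the bottom are constructed here so the script runs offline; they are not the real file, so their hashes will not match the report.

```python
import hashlib
from typing import Dict

# Hashes as listed in the report above; swap in the values from whatever
# report you are checking against.
REPORTED_HASHES: Dict[str, str] = {
    "md5": "bd0f1eebb3cc8ba3c690737c6fc042fd",
    "sha1": "4a67473a078b73df084345bcf6c7b8746530c5b9",
    "sha256": "15b7bc9aa52f4c28a467fab63624ce32e5346985c2e5fe513dff4ca9a3427de6",
    "sha512": "05ccf6b886359e20e384e82a77878632662a572ff2cfe3f2c79ecca95d3ea1f0"
              "4c3d7c591119733bae80be1452dfb94b35a29af3d25915ca69253df263202fee",
}

# Marker embedded by the AutoIt3 compiler in front of the packed script.
AUTOIT_MAGIC = b"AU3!EA06"


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Lowercase hex digests for the four algorithms the report lists."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def compare_to_report(data: bytes, reported: Dict[str, str] = REPORTED_HASHES) -> Dict[str, bool]:
    """Per-algorithm match against the reported values (case-insensitive)."""
    computed = compute_hashes(data)
    return {name: computed[name] == reported[name].lower() for name in reported}


def is_pe(data: bytes) -> bool:
    """Cheap PE check: 'MZ' DOS header and a 'PE\\0\\0' signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def is_autoit_compiled(data: bytes) -> bool:
    """True if the AutoIt3 script-container marker appears anywhere in the file."""
    return AUTOIT_MAGIC in data


def triage(data: bytes) -> Dict[str, object]:
    """Combine the checks into one verdict dictionary."""
    matches = compare_to_report(data)
    return {
        "is_pe": is_pe(data),
        "autoit_compiled": is_autoit_compiled(data),
        "hash_matches": matches,
        "matches_report": all(matches.values()),
    }


# Constructed stand-in for a sample: a minimal MZ/PE header followed by the
# AutoIt marker. It is NOT the real file, so its hashes will not match the report.
_E_LFANEW = 0x40
CONSTRUCTED_SAMPLE = (
    b"MZ" + b"\x00" * (0x3C - 2) + _E_LFANEW.to_bytes(4, "little")
    + b"PE\x00\x00" + b"\x00" * 0x20 + AUTOIT_MAGIC + b"\x00" * 0x10
)

if __name__ == "__main__":
    import json
    import sys

    # Usage: python triage_check.py <file>; falls back to the constructed bytes.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else CONSTRUCTED_SAMPLE
    print(json.dumps(triage(blob), indent=2))
```

Run it against the real sample and `matches_report` should be true; a mismatch on only one algorithm usually means a transcription error in the report rather than a different file, while a mismatch on all four means you are not holding the file the report describes.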

MITRE ATT&CK Enterprise v16

Tasks