General

  • Target: 01072025_0555_30062025_PO-0579008-06-2025-PR10476-QTY2000-MQ1096.gz

  • Size: 889KB

  • Sample: 250701-gmwsdaeq21

  • MD5: 6a44eb50444fafe0b586cbba7ed89709

  • SHA1: 97e36774a8fe4dd68b0013ee137a82c4e273b8d5

  • SHA256: 65dbcada67da8c6c5b55f13a118c29dfdfbd937ebaa9e681728ca8d795cf01f2

  • SHA512: f35b519b0921c04c97c0b0267dfb983ef912bf3a9bbcf098a6a8e3eb5c124d550f8f30f54db1f70ae9dba45a39c6b85db01e3209cc7122347e47dad99b247b8e

  • SSDEEP: 24576:Jf32q0VhLj157/F2fp3CyAq18coIvOUtfOBJAJE77HTMk7lz:J/6PdRgfpyyAGi6OBJMwDTMU

Malware Config

Targets

    • Target: PO-0579008-06-2025-PR10476-QTY2000-MQ1096.exe

    • Size: 1.4MB

    • MD5: a8535a1fe947003205769a60caf62a85

    • SHA1: 404edb030a9ef75a8180fd2038b0dda9a4712d75

    • SHA256: c2007e0411f63e97e4a06c99ec5841d6bb3a83e11526f572585df38343f3859e

    • SHA512: b82c8fad4d4c853c8d98ba396b5878c20e085aa38e836a6824859dda2dd0a9ecf0e5b0f194e75ecd936778c78665d0c5f3574f682367ebde9f1ba5e81468681e

    • SSDEEP: 24576:y5EmXFtKaL4/oFe5T9yyXYfP1ijXdaZDbIPdzV6f6qsrSrQcJB6Je:yPVt/LZeJbInQRaZAFQf6qV0eB6

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Drops startup file

    • Executes dropped EXE

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks