ioc[.]one - OSINT Cyber Threat Intelligence Database

DarkTortilla Malware Analysis

Tags

cmtmf-attack-pattern:	Process Injection
country:	Bulgaria Germany Italy Spain Romania
attack-pattern:	Data Model Installutil - T1218.004 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Process Injection - T1631 Software - T1592.002 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 Tool - T1588.002 Installutil - T1118 Powershell - T1086 Process Injection - T1055 Windows Management Instrumentation - T1047

Show in Graph

Common Information

Type	Value
UUID	72a97266-598f-490f-bad9-6089ab69c5e9
Fingerprint	28844950c1bfa30b
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 17, 2022, midnight
Added to db	Aug. 13, 2023, 9:04 a.m.
Last updated	Nov. 17, 2024, 10:40 p.m.
Headline	DarkTortilla Malware Analysis
Title	DarkTortilla Malware Analysis
Detected Hints/Tags/Attributes	88/3/93

Source URLs

	Redirection	Url
Details	Source	https://www.secureworks.com/research/darktortilla-malware-analysis

URL Provider

Details	Provider	Source level domain
Details	secureworks.com	www.secureworks.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	370	✔	—	https://www.secureworks.com/rss?feed=research	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	285	microsoft.net
Details	Domain	10	pastebin.pl
Details	Domain	81	blog.malwarebytes.com
Details	Domain	1	wiki.hackforums.net
Details	File	1	rfq-010129h.exe
Details	File	1	deserialize.dll
Details	File	1	shcore1.dll
Details	File	1	pvcore1.dll
Details	File	1	shcore2.dll
Details	File	1	brin.dll
Details	File	1	ukrusain.dll
Details	File	1	knifall.dll
Details	File	1	nullsbas.dll
Details	File	87	java.exe
Details	File	95	pdf.exe
Details	File	3	cookies.exe
Details	File	1	powershellinfo.exe
Details	File	1	c:\program files\windowspowershell\powershellinfo.exe
Details	File	1260	explorer.exe
Details	File	2126	cmd.exe
Details	File	48	applaunch.exe
Details	File	1122	svchost.exe
Details	File	103	regasm.exe
Details	File	83	installutil.exe
Details	File	41	mscorsvw.exe
Details	File	13	addinprocess32.exe
Details	File	119	avp.exe
Details	File	1	sertif.exe
Details	File	12	watchdog.exe
Details	File	1	watchdog.txt
Details	File	748	kernel32.dll
Details	File	8	pastebin.pl
Details	md5	1	d00bee25fa9dc9024fdf632727286708
Details	md5	1	25ee0bd09dfa02c94fdf632727286708
Details	md5	1	0e362e7005823d0bec3719b902ed6d62
Details	md5	1	59295e810bbdbfd64b8c41316ea13cae
Details	md5	1	18391a58ee25a5cb8dfbf4d48517b5b0
Details	md5	1	981aa83b2d33cca994021197237ac5ee
Details	md5	1	3ad3402f7d25f04f4e76985f4ec8744c
Details	md5	1	84872b60072011eab8940f3b49bdb582
Details	md5	1	3da0f44d45a1d6676d52ce691d2f6d75
Details	md5	1	5e03556be992d23088a3c49d24c45b1c
Details	md5	1	21cd275bffb4e536348e8128d50374b6
Details	md5	1	2d74df3ce221f6ff48d20bac158a3e78
Details	md5	1	0563e691801251cdfd363eee31858ead
Details	md5	1	4f15b28c91fa0e8d0dd9e86481bad04f
Details	md5	1	a34fcaf564d08de7c4c0c513fc6e122d
Details	md5	1	827258f907c5087f498c413d28e2203e
Details	md5	1	5e0cb6076002b11a39636e07a217b493
Details	md5	1	55d7d9bd9d4a511417033b6c14ce93f9
Details	md5	1	62d6a6e6c6414f0cb7e455baee1d3ab7
Details	md5	1	c37aae0ff565a2e44f144f837b750279
Details	md5	1	dde386911b091e894746b0f12d88a1fd
Details	md5	1	a0b96236bfd79d2ebeadb8e3deb9448a
Details	md5	1	f3ec8edd1ea9672b7ad4793934bb4c47
Details	md5	1	93fe6600c51014d7d6c2afedf8398f92
Details	md5	1	8f7340704745f3d53b284c101e93c42f
Details	md5	1	45ef054bca2ae4d67e6623bf28ff75e5
Details	md5	1	d178924602674c654e1b569aa74601cd
Details	md5	1	6e91ad0972e104a277505104abe39d1e
Details	md5	1	261d699c3bb1a0042b88a45ed340f2d8
Details	md5	1	b3754c6ecc445e9a3b37c5ebe68adb96
Details	md5	1	30ca4aa89a8e8515468f39ae8131f141
Details	md5	1	cd49f7c3c4e82dee128eedea9879bc33
Details	md5	1	619bf90a8ea219e34bf57dda1a322914
Details	md5	1	0a5dc3b6669cf31e8536c59fe1315918
Details	md5	1	eb4ecfd87998445e2eeb8fed64bd2f2c
Details	md5	1	851816aa8cf45ba769f0d9420acfb3e5
Details	md5	1	4178d5efa388caf2d0ffd4539cf285b1
Details	md5	1	083acce46cb8cf35e37c778d1f4aee68
Details	md5	1	14bca72d2874b793a47f9823f51df0fe
Details	md5	1	f44695a8febb2a35576a59fa984629d2
Details	md5	1	37ec57e5da46dc1990941a1bb3ffab9e
Details	md5	1	53b3b37b7d1e40c80fcda2c424cd8373
Details	md5	1	79ac2ce93023de6c22ba3e2d94679671
Details	md5	1	8d8c551dd572a1dc158de239b37eaa9a
Details	md5	1	6d4b4bcd107b09af37996c73a6448379
Details	md5	1	5be86cfca25e295f88b5aab42a6f604d
Details	md5	1	2f1bb97f3c73b01df664c137908e2ec4
Details	md5	1	0f89a2015ed9c1be5522e27c00276e52
Details	md5	1	5ad5b35f6cc093067c6f219f2d2107f4
Details	md5	1	93dd1202697dbaed9ef4f4707f262821
Details	md5	1	2bf13aad096de29c14924b1dae1d6d5b
Details	md5	1	590d860b909804349e0cdc2f1662b37b
Details	md5	1	2d0dc6216f613ac7551a7e70a798c22a
Details	md5	1	ee8eb9819428b1357e2b8c73bef905ad
Details	sha1	1	590d860b909804349e0cdc2f1662b37bd62f7463
Details	sha256	1	2d0dc6216f613ac7551a7e70a798c22aee8eb9819428b1357e2b8c73bef905ad
Details	Url	1	https://pastebin.pl/view/raw/60b6b03b
Details	Url	1	https://blog.malwarebytes.com/cybercrime/malware/2017/03/explained-packer-crypter-and-protector
Details	Url	1	https://blog.malwarebytes.com/threat-analysis/2015/08/rainbows-steganography-and-malware-in-a-new-net-cryptor
Details	Url	1	https://wiki.hackforums.net/rats_crew
Details	Url	1	https://www.gosecure.net/blog/2021/11/02/new-malware-gameloader-in-discord-malspam-campaign-identified-by-gosecure-titan-labs