darkcloud | 579c6f487fea9a0c670699c79188429336c8682b217f35a3a329bce06526cf67 | Triage

Sharing

General

Target

Terfasteners - SOA.exe
Size

781KB
Sample

221029-22sdqaahd9
MD5

f49064dd35a37ea6528be4e213c878fa
SHA1

974210200d6350cae4b8a240435afae4d6885b9e
SHA256

579c6f487fea9a0c670699c79188429336c8682b217f35a3a329bce06526cf67
SHA512

48a0ecef1724e416c1b01b73b239ceb0acbac15d9253115e6cf073401bffae3d67968235b1f98f3b61ef47b47cf59072594a04ae6a4bac88652ed952846e14f3
SSDEEP

6144:BNAQ3m8L4Io6RgCasuGhBI/j1Qul/VIf8/lG+w4FNqAhvCvPybHVoUxK1WFhgAk/:T3mztCasviNlzlG+bnqAl9HCZ1vA

Score

10^/10

darkcloud stealer

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
[email protected]
email_to
[email protected]

Targets

- Target
  
  Terfasteners - SOA.exe
- Size
  
  781KB
- MD5
  
  f49064dd35a37ea6528be4e213c878fa
- SHA1
  
  974210200d6350cae4b8a240435afae4d6885b9e
- SHA256
  
  579c6f487fea9a0c670699c79188429336c8682b217f35a3a329bce06526cf67
- SHA512
  
  48a0ecef1724e416c1b01b73b239ceb0acbac15d9253115e6cf073401bffae3d67968235b1f98f3b61ef47b47cf59072594a04ae6a4bac88652ed952846e14f3
- SSDEEP
  
  6144:BNAQ3m8L4Io6RgCasuGhBI/j1Qul/VIf8/lG+w4FNqAhvCvPybHVoUxK1WFhgAk/:T3mztCasviNlzlG+bnqAl9HCZ1vA
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcloudstealer

behavioral2

darkcloudstealer