darkcloud | 0af86997d67c85c4d03e2d8b362a277f0bca5d09e2885e1a475ee4e009c1375e | Triage

Sharing

General

Target

0AF86997D67C85C4D03E2D8B362A277F0BCA5D09E2885E1A475EE4E009C1375E
Size

428KB
Sample

221123-r2d6zsda9t
MD5

867f1a2416db86bb60c80fb38777f45a
SHA1

34ab0976d86ec6db0fc69f55cce751eca3837943
SHA256

0af86997d67c85c4d03e2d8b362a277f0bca5d09e2885e1a475ee4e009c1375e
SHA512

45ee68aea5c19a0744e38667b2a3bc49ae8079f6dd78db6640265c26a9ae192602533c0a8134726437d14d5ff18582dc55cef8decd47e0b06a7fe5c7da4b8768
SSDEEP

12288:OsetZQiL986XQL1riTunUGzrURKAXHL8T:OserQi58CoITuHPKXHL8T

Score

10^/10

darkcloud stealer

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
[email protected]
email_to
[email protected]

Targets

- Target
  
  PAUL DETAIL.exe
- Size
  
  817KB
- MD5
  
  a7340ee7541332a86cd95f782951ebbe
- SHA1
  
  d4dc87a386f69898d1a385b19f6b08f881d5bc82
- SHA256
  
  19b08a3d82aa6d41ab851f4cadcbe9199cfcf0f931076ea24601675630ac207b
- SHA512
  
  71495abe79a0bd3dcb4feb59c1707672bb3a9cd4174401843927101135c74324f4e601badbd110bf0e3dec64a3ea76a0447de7fe1f29d7623afba43260a50eec
- SSDEEP
  
  12288:etXKAsTzmv/BSSe3YqLdylsJBqygC6vau:etXyk53eXJ6pygv
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcloudstealer

behavioral2

darkcloudstealer