darkcloud | 88d3e6ab24b2309b81b9610ecb527390b5ad2ec6419e50ef357840e86f00b0bc | Triage

Sharing

General

Target

88D3E6AB24B2309B81B9610ECB527390B5AD2EC6419E50EF357840E86F00B0BC
Size

430KB
Sample

221123-r2h5yaab58
MD5

dc1b6bbac69256b0de48ff5c7d647ab0
SHA1

10c0e282aa517fd9186ab4f04b775a2e4bb8b768
SHA256

88d3e6ab24b2309b81b9610ecb527390b5ad2ec6419e50ef357840e86f00b0bc
SHA512

885e4996a7e85f03e830fa177c1ac9d3f26ce96a6baf3b60ab76e539b15c636258831abea123e369eb2fd5f9583678ae0d075740f7d490e967815bdb46de66ba
SSDEEP

12288:eKk/Igb+iwSiw3vpt6QIVsKO7tMgvrVxUnYGla2:eKk/FzfT8OxMgvLela2

Score

10^/10

darkcloud stealer

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
[email protected]
email_to
[email protected]

Targets

- Target
  
  PAUL DETAIL's..exe
- Size
  
  817KB
- MD5
  
  c5d2095e8e1f8e9af9fd19ba2c885de4
- SHA1
  
  db7c115bec56a8a3672d32896db2375af842ddee
- SHA256
  
  2e4663d20f62d72f1ffd25ada448dc25fba8681ad0755fdd0451f460b2dc570c
- SHA512
  
  74ac28f939655b85dcf14d56df23942bee8c60a485aee361e5ebf64ffd53bb69e8b27106d7512d54130622325ab00dd917d04a9b729cfd9ddede5b8d2ecc5c66
- SSDEEP
  
  6144:SqyVDmmHOegxgaoJ6rVyFHp9pK3HseCSamdVFWGmOWCouHohuC9OJ+F8Y/WGMXEg:IMMO70JMmremUVF3pWfYJMlTLGdGtF
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcloudstealer

behavioral2

darkcloudstealer