darkcloud | 35d98cf128d68ac5f4f2acdf40e3fd070335e0f1be40d96f5af62130eec9b3ea | Triage

Sharing

Copy URL Twitter E-mail

General

Target

35d98cf128d68ac5f4f2acdf40e3fd070335e0f1be40d96f5af62130eec9b3ea
Size

1.2MB
Sample

230103-f2gfkahh89
MD5

46b24985916d97c3c7f8f1dead2b4a1f
SHA1

93a47b62ff43c7d436e79ecee3193a27ba6712cf
SHA256

35d98cf128d68ac5f4f2acdf40e3fd070335e0f1be40d96f5af62130eec9b3ea
SHA512

453320324cae24fb6de5e90a5563ae6c806a8fba1bfb805f636eefb8d723c6dcc5878ae687d282aee8c34cb6fb866bc3a32fd204309f5ee4d2649d0675980d1b
SSDEEP

24576:pakhJUwjYflpG8VKRIRuxSnE/rlMT/GW7i4GLmXwj+uGA+u9Y7:5/4m8VnnEDlvLmgpfZu

Score

10^/10

darkcloud stealer

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
[email protected]
email_to
[email protected]

Targets

- Target
  
  #PDF4.exe
- Size
  
  1.6MB
- MD5
  
  af513045fb00b56a2909a1394b80023e
- SHA1
  
  0002d4384b3facd1d635a9cf0bb7cac513bf4436
- SHA256
  
  f97bca3cc65f895a62070daa10fdf31cb0a700db5dc872b1cba3b09d1c2f2b1a
- SHA512
  
  6bbde119165145c3609ea2125b9c7fbc03608063f0849eda2b2888685839324640a79a295070e7390af402ec19414839d52d72c78368597241e46cdc954bf2bf
- SSDEEP
  
  49152:k1B+dHgV+VQI4ufW2ZsKSjqXUx4ruPAQcWTfkUL0vXpza:sB+VI+sLjqXUx4ruPAQcWTfkUL0vXp+
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

darkcloudstealer

behavioral2

darkcloudstealer