darkcloud | 3db582b8add878e04aff568409b841041e707851251fea25b80016684bbf9905 | Triage

Sharing

General

Target

6a3374b5325284cd932aa78f365d0193392d8485
Size

830KB
Sample

230203-xdbc3scb4x
MD5

01b147dd3f43915a4ccea10670b7afc6
SHA1

6a3374b5325284cd932aa78f365d0193392d8485
SHA256

3db582b8add878e04aff568409b841041e707851251fea25b80016684bbf9905
SHA512

0781f47d8b6d1794c47b17f8e0c966be716ca07eb69da60743708749994ad0e751dd2553db4b92fd277513791aa1c59360f28fcc08e42be8d2b3899781f84bde
SSDEEP

12288:2YKAF7zXICDW2EisP+qB/K4CANbfsq4G9ASn8USBav1Bt:2Yzz/WOsmWKrQ94QAEnNBt

Score

10^/10

darkcloud persistence stealer

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
[email protected]
email_to
[email protected]

Targets

- Target
  
  6a3374b5325284cd932aa78f365d0193392d8485
- Size
  
  830KB
- MD5
  
  01b147dd3f43915a4ccea10670b7afc6
- SHA1
  
  6a3374b5325284cd932aa78f365d0193392d8485
- SHA256
  
  3db582b8add878e04aff568409b841041e707851251fea25b80016684bbf9905
- SHA512
  
  0781f47d8b6d1794c47b17f8e0c966be716ca07eb69da60743708749994ad0e751dd2553db4b92fd277513791aa1c59360f28fcc08e42be8d2b3899781f84bde
- SSDEEP
  
  12288:2YKAF7zXICDW2EisP+qB/K4CANbfsq4G9ASn8USBav1Bt:2Yzz/WOsmWKrQ94QAEnNBt
Score

10^/10

darkcloud persistence stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcloudpersistencestealer

behavioral2

darkcloudpersistencestealer