darkcloud | 2c052f280518499f2bccb0395a93567ee0ca625904ce0bb5b5302ed55598cbbd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DHL AWB DOCUMENT.exe
Size

442KB
Sample

230412-js9yasah49
MD5

c05596dc6967d015d7bf0a57c027e428
SHA1

cb2d6b07aa66706f8a899e3205b29aec36843569
SHA256

2c052f280518499f2bccb0395a93567ee0ca625904ce0bb5b5302ed55598cbbd
SHA512

c93fef93b23bf0f9c5faabf3bc606eb48680af888142c73128daa4c4d7a88e4621f8ff38161eb15aa6d8b5bb7114b4c6ffbb1b2738042604331301a152ec8708
SSDEEP

12288:PY0AXIx8wDoZkj6BdLm4HcgHTd0BJfQSgrCo24:PY0+w8AodNeIZgJfQSgWob

Score

10^/10

darkcloud stealer

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot6220925905:AAFbd3Et4YQi4C1WTvNkPbMsAOdz5c8giT0/sendMessage?chat_id=5463149861

Targets

- Target
  
  DHL AWB DOCUMENT.exe
- Size
  
  442KB
- MD5
  
  c05596dc6967d015d7bf0a57c027e428
- SHA1
  
  cb2d6b07aa66706f8a899e3205b29aec36843569
- SHA256
  
  2c052f280518499f2bccb0395a93567ee0ca625904ce0bb5b5302ed55598cbbd
- SHA512
  
  c93fef93b23bf0f9c5faabf3bc606eb48680af888142c73128daa4c4d7a88e4621f8ff38161eb15aa6d8b5bb7114b4c6ffbb1b2738042604331301a152ec8708
- SSDEEP
  
  12288:PY0AXIx8wDoZkj6BdLm4HcgHTd0BJfQSgrCo24:PY0+w8AodNeIZgJfQSgWob
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcloudstealer

behavioral2

darkcloudstealer