darkcloud | 9d93cb320b9f30b00e7f09b426096f5f92405cce5fb4bfd20dfc91cd22ea28f6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PO.231204.pdf.exe
Size

438KB
Sample

230412-qmjbqaea5z
MD5

57df0fc23bb2f3264ef83b0acb1cbbe7
SHA1

aa79a21c556f8eef909ba22d5746f6353025c229
SHA256

9d93cb320b9f30b00e7f09b426096f5f92405cce5fb4bfd20dfc91cd22ea28f6
SHA512

fb5b1c1ff4711011e09c5154f098af495fd9b5c930ce8824678b2102599fd78a1ddfc9aa4bd7ae1cddf23ac7168702f748b43b1200eac0d6a3faaa93ff089da4
SSDEEP

6144:vYa6QKwnmvjDtT9qxOjhFwVbDGfhJajaWu3e7LLVuGoj7aA6kDpzPSZDLbdac4QW:vY+KlbKOodGTDO7v8OA66zP46rMJ+

Score

10^/10

darkcloud stealer

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot5881209387:AAEYbMO86ewxRCF0hqbguD3F2NjXIQs4EJU/sendMessage?chat_id=1275946058

Targets

- Target
  
  PO.231204.pdf.exe
- Size
  
  438KB
- MD5
  
  57df0fc23bb2f3264ef83b0acb1cbbe7
- SHA1
  
  aa79a21c556f8eef909ba22d5746f6353025c229
- SHA256
  
  9d93cb320b9f30b00e7f09b426096f5f92405cce5fb4bfd20dfc91cd22ea28f6
- SHA512
  
  fb5b1c1ff4711011e09c5154f098af495fd9b5c930ce8824678b2102599fd78a1ddfc9aa4bd7ae1cddf23ac7168702f748b43b1200eac0d6a3faaa93ff089da4
- SSDEEP
  
  6144:vYa6QKwnmvjDtT9qxOjhFwVbDGfhJajaWu3e7LLVuGoj7aA6kDpzPSZDLbdac4QW:vY+KlbKOodGTDO7v8OA66zP46rMJ+
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcloudstealer

behavioral2

darkcloudstealer