darkcloud | 8992b94e147a940a1da05b11631e28202c50840902fa372690485b49c415e4b5 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

SecuriteIn...38.exe

windows7-x64

SecuriteIn...38.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Win32.TrojanX-gen.29310.32138.exe
Size

1.6MB
Sample

230504-xal1eaed78
MD5

3d1072986b88dc6184e40ba0df6acfc2
SHA1

3dced4443af3c9591c948c827ac5b02bd0d31029
SHA256

8992b94e147a940a1da05b11631e28202c50840902fa372690485b49c415e4b5
SHA512

6b072f7e1b617a1426faeffdc14b80259f2601f29f5df65953694917cfa9611379976424ec37ffe3d139f5abd1bff02146d968f6a47d96d57ab4de1bb32a626b
SSDEEP

24576:rPKokfY5HGAg4y2oLeeHlQFwSohxt3jIwYg94ZIgUZ8K5BEuww4sXpA5jp9DTS2I:LZWY5mz4yJSfu/9IwYgeJuw7sX0jpd

Score

10^/10

darkcloud spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.TrojanX-gen.29310.32138.exe

Resource

win7-20230220-en

darkcloud spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.TrojanX-gen.29310.32138.exe

Resource

win10v2004-20230220-en

darkcloud spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot5955632087:AAGbHX-YygFpBeOiEaTfH9CY-2MMNrZcY48/sendMessage?chat_id=865011046

Targets

- Target
  
  SecuriteInfo.com.Win32.TrojanX-gen.29310.32138.exe
- Size
  
  1.6MB
- MD5
  
  3d1072986b88dc6184e40ba0df6acfc2
- SHA1
  
  3dced4443af3c9591c948c827ac5b02bd0d31029
- SHA256
  
  8992b94e147a940a1da05b11631e28202c50840902fa372690485b49c415e4b5
- SHA512
  
  6b072f7e1b617a1426faeffdc14b80259f2601f29f5df65953694917cfa9611379976424ec37ffe3d139f5abd1bff02146d968f6a47d96d57ab4de1bb32a626b
- SSDEEP
  
  24576:rPKokfY5HGAg4y2oLeeHlQFwSohxt3jIwYg94ZIgUZ8K5BEuww4sXpA5jp9DTS2I:LZWY5mz4yJSfu/9IwYgeJuw7sX0jpd
Score

10^/10

darkcloud spyware stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcloudspywarestealer

behavioral2

darkcloudspywarestealer

© 2018-2025

Terms | Privacy