darkcloud | 039abdc271621646e3a6d347f08b7a23223c9e4772a9059d44e0a9d5d0ee01d4 | Triage

Sharing

General

Target

PURCHASE ORDER- REF QTE-2314329.7z
Size

823KB
Sample

230526-nte7jafc42
MD5

5b64ea805cc0624fd7928c6936556573
SHA1

7dd00b40fbe2b7d0316574b03216358c4a06de82
SHA256

039abdc271621646e3a6d347f08b7a23223c9e4772a9059d44e0a9d5d0ee01d4
SHA512

3ddb30372a56256e0b90d1dbd88aa2a82b56e0971e1d97ef90eb5e6ff57be8049b2f08f9e1eaee1eeddf7e4ef1561e6630427f85abc5d6cf4db6515175d22a6f
SSDEEP

12288:Cc44fiz+cteztwC9Jh4bdqSNgjwe+kZj1771y3R7lc1qKdMKHwhb5p5U61pNfa:F4mctUwOgqSNgjwe7ykgyMKkf5UMLC

Score

10^/10

darkcloud stealer

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
[email protected]
email_to
[email protected]

Targets

- Target
  
  purchase order.exe
- Size
  
  916KB
- MD5
  
  3f626f64cf5f7196bc812ff1814d95f6
- SHA1
  
  c7dcf05df40dc04d4f9af38ef7a887ffde68abb5
- SHA256
  
  f6a82d751b2c63e135488686a43c60f35c2cda54a5599f450d4c123043e3c6b2
- SHA512
  
  ecf5aca2cfc774557f1170d5ba73115a3240831b2b1bf2c7c43b8dd8b2965450efd7c25ed71b0bb0a7e28931ecb5cd614c1cf5c3fc318ca2c891813983856413
- SSDEEP
  
  12288:KOCmzZBEP85QaC9JhmbdqSNhjwl+eZj17y1a3RplcyqKdxKHwhj5p5U61aNf:h9BEP83O6qSNhjwtIa2DyxKkf5UMM
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcloudstealer

behavioral2

darkcloudstealer