darkcloud | 830bfb21d58767b944db5fb9305818869afb5c6683711b11a10d47521b54fef4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

830bfb21d58767b944db5fb9305818869afb5c6683711b11a10d47521b54fef4.exe
Size

494KB
Sample

230608-nbzhfsfd2t
MD5

e3fb5a0ef8a0d509ebd00e10446ecc6f
SHA1

abac33a9a375fd1293b39aad8616ecd44fd15695
SHA256

830bfb21d58767b944db5fb9305818869afb5c6683711b11a10d47521b54fef4
SHA512

699d0b452b7938d05b869f3173652480a725610cd3fcb080f9428c562f55c853f90f97c2315db211c05ae92ba75a4740b369d4ac302f3d44606c56cd74693b86
SSDEEP

12288:uhK95F77f6Qj6W6oIujQicBWE/svyZTxyd8qVhTco:r8Qqyj8svyZ1yWqjTco

Score

10^/10

darkcloud stealer

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot5671318275:AAGisFrFLqhVJjO72egJPifm2Q0ITZ6Nziw/sendMessage?chat_id=553496422

Targets

- Target
  
  830bfb21d58767b944db5fb9305818869afb5c6683711b11a10d47521b54fef4.exe
- Size
  
  494KB
- MD5
  
  e3fb5a0ef8a0d509ebd00e10446ecc6f
- SHA1
  
  abac33a9a375fd1293b39aad8616ecd44fd15695
- SHA256
  
  830bfb21d58767b944db5fb9305818869afb5c6683711b11a10d47521b54fef4
- SHA512
  
  699d0b452b7938d05b869f3173652480a725610cd3fcb080f9428c562f55c853f90f97c2315db211c05ae92ba75a4740b369d4ac302f3d44606c56cd74693b86
- SSDEEP
  
  12288:uhK95F77f6Qj6W6oIujQicBWE/svyZTxyd8qVhTco:r8Qqyj8svyZ1yWqjTco
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

darkcloudstealer

behavioral2

darkcloudstealer