darkcloud | a345d0b822b2ef2baffe88fc7084aa72e4bc90444337cd5bf7b828a94dbe805e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

REMITTANCE ADVICE - TT231407ZA9893989.exe
Size

434KB
Sample

230717-tfx33sdh81
MD5

bc43848fb7dadbbcf35d6c71245e349d
SHA1

1a7b482f8a43456515188bfa5da676285bd40f83
SHA256

a345d0b822b2ef2baffe88fc7084aa72e4bc90444337cd5bf7b828a94dbe805e
SHA512

ead603badaaa7b93801eabaaba846d86c9f280fee77673787d09eac54734567a5d62219d26d9228648aa28725674bd2faabd30e200b01c617002aa41ae219d25
SSDEEP

6144:/Ya6kCDm2IdQW1OFA0nn36ISxdv2L8uwgKrvBkdsbSjQ5q8HUM+ciX:/Y6CKVd9Ui6n36TgKrvBcCSj0HgciX

Score

10^/10

darkcloud stealer

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
[email protected]
email_to
[email protected]

Targets

- Target
  
  REMITTANCE ADVICE - TT231407ZA9893989.exe
- Size
  
  434KB
- MD5
  
  bc43848fb7dadbbcf35d6c71245e349d
- SHA1
  
  1a7b482f8a43456515188bfa5da676285bd40f83
- SHA256
  
  a345d0b822b2ef2baffe88fc7084aa72e4bc90444337cd5bf7b828a94dbe805e
- SHA512
  
  ead603badaaa7b93801eabaaba846d86c9f280fee77673787d09eac54734567a5d62219d26d9228648aa28725674bd2faabd30e200b01c617002aa41ae219d25
- SSDEEP
  
  6144:/Ya6kCDm2IdQW1OFA0nn36ISxdv2L8uwgKrvBkdsbSjQ5q8HUM+ciX:/Y6CKVd9Ui6n36TgKrvBcCSj0HgciX
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcloudstealer

behavioral2

darkcloudstealer