darkcloud | a14aacfdcd67dc00329aa8d563cf6edfe5029aaf03dc816b3b77c50ded24cce1 | Triage

Sharing

General

Target

a14aacfdcd67dc00329aa8d563cf6edfe5029aaf03dc816b3b77c50ded24cce1exe_JC.exe
Size

834KB
Sample

230808-w5y3safb24
MD5

eddba74397db1acfa68e3c531c28a5ff
SHA1

db6adf41b5cff216cc9ba9482e51200e5ae02c5f
SHA256

a14aacfdcd67dc00329aa8d563cf6edfe5029aaf03dc816b3b77c50ded24cce1
SHA512

208bb2d0f0707f6f15da1a995be65a52eb67eb3febdd5eb57a87c7e89e577a2822101f445f51cd726a01f760b23602ecf13c42ea5ffbacac1b8a3d0363255898
SSDEEP

12288:nI2iN8JJBFovPlCJ4qRk5Nj4FWyppfPxyezZXHwusiKcxyAl3:nI1uJ+F047njq1zpQF8

Score

10^/10

darkcloud stealer

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
[email protected]
email_to
[email protected]

Targets

- Target
  
  a14aacfdcd67dc00329aa8d563cf6edfe5029aaf03dc816b3b77c50ded24cce1exe_JC.exe
- Size
  
  834KB
- MD5
  
  eddba74397db1acfa68e3c531c28a5ff
- SHA1
  
  db6adf41b5cff216cc9ba9482e51200e5ae02c5f
- SHA256
  
  a14aacfdcd67dc00329aa8d563cf6edfe5029aaf03dc816b3b77c50ded24cce1
- SHA512
  
  208bb2d0f0707f6f15da1a995be65a52eb67eb3febdd5eb57a87c7e89e577a2822101f445f51cd726a01f760b23602ecf13c42ea5ffbacac1b8a3d0363255898
- SSDEEP
  
  12288:nI2iN8JJBFovPlCJ4qRk5Nj4FWyppfPxyezZXHwusiKcxyAl3:nI1uJ+F047njq1zpQF8
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcloudstealer

behavioral2

darkcloudstealer