darkcloud | 7aa2c7dddf4293f44c8d736721480bea6d539228da56a4151c52ba9bffc87f6e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

DHL AWB 38...90.exe

windows7-x64

DHL AWB 38...90.exe

windows10-2004-x64

Sharing

General

Target

DHL AWB 38722187090.gz
Size

803KB
Sample

230822-rvkp7aec2z
MD5

2e85a7ba3d019866ad44bf71ab51e7bb
SHA1

f760dfc27a05cbc300b6fae846323bd541f42799
SHA256

7aa2c7dddf4293f44c8d736721480bea6d539228da56a4151c52ba9bffc87f6e
SHA512

ecf3c17b66b4e4d411c2cc6fc046fbc4bdb31edccf3be23c7dbf92c37f55367e85a52010caa8134958209a6d0f6bf2041950589f62d84ebccdda79fc4510619f
SSDEEP

24576:5NfOZTCCe6L69qEP6QQK/H62afHY7Tzikn3e:urjEPpH62af4rDn3e

Score

10^/10

darkcloud stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

DHL AWB 38722187090.exe

Resource

win7-20230712-en

darkcloud stealer

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

DHL AWB 38722187090.exe

Resource

win10v2004-20230703-en

darkcloud stealer

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
[email protected]
email_to
[email protected]

Targets

- Target
  
  DHL AWB 38722187090.exe
- Size
  
  914KB
- MD5
  
  3232348d8f9aa98c80011580ae8d7c43
- SHA1
  
  f7887c6ea74e9d435ea8a7764fca67cf388e7477
- SHA256
  
  f2ae9306a48f1b446ce9467300267b864e8efe3f9e3b3d01da8bb89133140613
- SHA512
  
  2728202d1d29ab4d13e3c5a77eaa5e95a1d5f39969bb260e05331b0828e4da3f242615c663ccf0a44f013f7edadc1581158506feb643c06e08b6f5b2891c956c
- SSDEEP
  
  12288:H51qEww2d1mbTi5f6iB1YaZGMLxyAdLdE57Ry8iHs+t8PgaDZsoEJh3Y1EmXxDPJ:jqEw0CCiBDd6zBO8omiDotP1oMd
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

darkcloudstealer

behavioral2

darkcloudstealer

© 2018-2025

Terms | Privacy