darkcloud | 7bdbdf1864e94261b323235ffa2dd241a953f89dae35a2115662cac696e65dfd | Triage

Sharing

General

Target

7bdbdf1864e94261b323235ffa2dd241a953f89dae35a2115662cac696e65dfd_JC.exe
Size

1.4MB
Sample

230826-r7h25ada81
MD5

d3f9c27bd4524cd81dc5b5c7949e48a4
SHA1

461fdb08d2c272897f3adee0f0668dc462612c71
SHA256

7bdbdf1864e94261b323235ffa2dd241a953f89dae35a2115662cac696e65dfd
SHA512

0ced77a5df8fbcda7c1f0c1f8333822c62086314fbede54f25010762acea320a9281fc8f44d3e2d11f905964614d2f8f7d689b695f6f6338404b13bac43bb980
SSDEEP

24576:P8OP09xqIi4CdeZaqW1a8soHcxdBz7U2oGm8aO3ZmcL1UoQPqhnATyHtTI9srDru:eZKT8xdl7NlawZlGoQSniyHvrnu

Score

10^/10

darkcloud persistence stealer

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
[email protected]
email_to
[email protected]

Targets

- Target
  
  7bdbdf1864e94261b323235ffa2dd241a953f89dae35a2115662cac696e65dfd_JC.exe
- Size
  
  1.4MB
- MD5
  
  d3f9c27bd4524cd81dc5b5c7949e48a4
- SHA1
  
  461fdb08d2c272897f3adee0f0668dc462612c71
- SHA256
  
  7bdbdf1864e94261b323235ffa2dd241a953f89dae35a2115662cac696e65dfd
- SHA512
  
  0ced77a5df8fbcda7c1f0c1f8333822c62086314fbede54f25010762acea320a9281fc8f44d3e2d11f905964614d2f8f7d689b695f6f6338404b13bac43bb980
- SSDEEP
  
  24576:P8OP09xqIi4CdeZaqW1a8soHcxdBz7U2oGm8aO3ZmcL1UoQPqhnATyHtTI9srDru:eZKT8xdl7NlawZlGoQSniyHvrnu
Score

10^/10

darkcloud persistence stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcloudpersistencestealer

behavioral2

darkcloudpersistencestealer