darkcloud | 8f54aa1cd28e20beb85b66bb98de7f422ac6b8a4a3994a62bbd1c55d9876df3b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Invoice.exe
Size

799KB
Sample

230829-ym4lnaae6t
MD5

65b7f572596c639c3fed24fec9a3ec04
SHA1

c9baab334e8fe8c74fd9550ac2851d4b33a8c61c
SHA256

8f54aa1cd28e20beb85b66bb98de7f422ac6b8a4a3994a62bbd1c55d9876df3b
SHA512

536f9e110ef39ac1de776e3d09cbbb95bf00ac34a9774676a18fbacaa6220e4a25f40e461bd880050ecf2cfebcbdfba98d0ae460881daba916d8f6c8a558fc4f
SSDEEP

12288:VwC0hPqOnwLHwqi/pZXQb+76loygtnixs0123sTL1VP30IdhWMzPtmnpAbf12:VrSSs37IoPtixs01281VP5FzPs0f1

Score

10^/10

darkcloud stealer

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot6028253602:AAFFbacUfiOxmvzuo36D6g83Flf23bpPXYA/sendMessage?chat_id=5954758350

Targets

- Target
  
  Invoice.exe
- Size
  
  799KB
- MD5
  
  65b7f572596c639c3fed24fec9a3ec04
- SHA1
  
  c9baab334e8fe8c74fd9550ac2851d4b33a8c61c
- SHA256
  
  8f54aa1cd28e20beb85b66bb98de7f422ac6b8a4a3994a62bbd1c55d9876df3b
- SHA512
  
  536f9e110ef39ac1de776e3d09cbbb95bf00ac34a9774676a18fbacaa6220e4a25f40e461bd880050ecf2cfebcbdfba98d0ae460881daba916d8f6c8a558fc4f
- SSDEEP
  
  12288:VwC0hPqOnwLHwqi/pZXQb+76loygtnixs0123sTL1VP30IdhWMzPtmnpAbf12:VrSSs37IoPtixs01281VP5FzPs0f1
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcloudstealer

behavioral2

darkcloudstealer