darkcloud | 63fecafde6aed53ac007e7a69372eda93dfa06143552644ceee7f032886c1c58 | Triage

Sharing

General

Target

63fecafde6aed53ac007e7a69372eda93dfa06143552644ceee7f032886c1c58.exe
Size

813KB
Sample

240110-sa1fksadd8
MD5

6a4af4b23d3234eab5622ffb9f64c5fe
SHA1

fdfad14c00e4fe40ea6fcdef2c42ff053ae2c1c3
SHA256

63fecafde6aed53ac007e7a69372eda93dfa06143552644ceee7f032886c1c58
SHA512

cf95580e39a45bb183bc71ccdb0f923a2a6d95c4048f90e55e332392d44103c97a4347eb620a772e7941f2299d0d5dd3e368211e3336c55cabefb05ef164bb02
SSDEEP

24576:FxuUJuMl4s4KbiWwDHNfwus01NckbrhORP:fv74s4CiWwDtfwILcXR

Score

10^/10

darkcloud stealer

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
[email protected]
email_to
[email protected]

Targets

- Target
  
  63fecafde6aed53ac007e7a69372eda93dfa06143552644ceee7f032886c1c58.exe
- Size
  
  813KB
- MD5
  
  6a4af4b23d3234eab5622ffb9f64c5fe
- SHA1
  
  fdfad14c00e4fe40ea6fcdef2c42ff053ae2c1c3
- SHA256
  
  63fecafde6aed53ac007e7a69372eda93dfa06143552644ceee7f032886c1c58
- SHA512
  
  cf95580e39a45bb183bc71ccdb0f923a2a6d95c4048f90e55e332392d44103c97a4347eb620a772e7941f2299d0d5dd3e368211e3336c55cabefb05ef164bb02
- SSDEEP
  
  24576:FxuUJuMl4s4KbiWwDHNfwus01NckbrhORP:fv74s4CiWwDtfwILcXR
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcloudstealer

behavioral2