darkcloud | 17543832d4d4e72c62da6172ad6bc8feae790669748b6c80b9aba08c992657da | Triage

Sharing

General

Target

17543832d4d4e72c62da6172ad6bc8feae790669748b6c80b9aba08c992657da
Size

804KB
Sample

240417-r26w1aea3w
MD5

f24e49715706d741addffda1942898c3
SHA1

d9599f7ab78551029157596dc5bfba4087e60807
SHA256

17543832d4d4e72c62da6172ad6bc8feae790669748b6c80b9aba08c992657da
SHA512

91566a77cd39bd4ccc7b479cbe0ca3e41cc21b8960f3d114977cb02524a5e298f871f3c92d0034c700904b0c375af0be2eb41c2771618d41942ce7d4a3c759bd
SSDEEP

12288:q/GBy0KVFi555XKCMx36rMKI1ZnD+PUXj+MsPbDNpLnJzbxKsQ6sscgVbnJH3lYp:P56CU3Io9DDXjiNJnJ1scbnJVZGsXk

Score

10^/10

darkcloud stealer

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
info@alo.com.eg
email_to
info@alo.com.eg

Targets

- Target
  
  6e94f38fee814023e77c4f2f3f718fd0bdf456974fb7742c03ee17dd2054050c.exe
- Size
  
  911KB
- MD5
  
  9530a4b5c2772de4edb6005f057c0405
- SHA1
  
  f544295bc15e8c1f69e9c2939acc88decfe404c8
- SHA256
  
  6e94f38fee814023e77c4f2f3f718fd0bdf456974fb7742c03ee17dd2054050c
- SHA512
  
  62d66a9cdaa81a4e651711dfa27de2dd0269a3200da8f62dd91a479bc925198caa9b4090cdf2e509832b9d226f1d33b28f5f66f6a30c7f0ad39f8f0e3f5f56ed
- SSDEEP
  
  12288:8SGnBbC8IABQRIVa8Tt5g0IhUSIw28Ph0S0NrlhjT2E6JbkpjPJaGbrKHaYl18/d:NEC+BVTUZX2HjTz6pmddYl10
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcloudstealer

behavioral2

darkcloudstealer