darkcloud | e14e63227d5b6ea60f029fc00c057c1ea929de4ff71d34c6e4dc657a73f4f01f | Triage

Submit
Reports

Overview

overview

Static

static

3

36b6d1ea82...f8.exe

windows7-x64

36b6d1ea82...f8.exe

windows10-2004-x64

Sharing

General

Target

e14e63227d5b6ea60f029fc00c057c1ea929de4ff71d34c6e4dc657a73f4f01f
Size

792KB
Sample

240417-r81zbsed6s
MD5

e25c46a4349c06e5404e5ca910250259
SHA1

1e0ec124c6349e71f27f8293fdc28153886dbfb1
SHA256

e14e63227d5b6ea60f029fc00c057c1ea929de4ff71d34c6e4dc657a73f4f01f
SHA512

7f90b5b67e937a95a5924858bef9c6eb987f490ef90abb1d5cf60840f9173332aa44e93188c295441b8187908c66d2a2ffd3306e0502a5d8e64ec1d5cc2c0fa1
SSDEEP

24576:yDYcSDjnMKNJ3zgTC1CdF11QvLbvave2CvTZgTpLXONfC9A:yEc2DHSCEdl6vF161f9A

Score

10^/10

darkcloud zgrat persistence rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

36b6d1ea82820b0b1675694e3b78bd3e9de13b63e499dcc938fdac27302e57f8.exe

Resource

win7-20240215-en

darkcloud zgrat persistence rat stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

36b6d1ea82820b0b1675694e3b78bd3e9de13b63e499dcc938fdac27302e57f8.exe

Resource

win10v2004-20240412-en

darkcloud zgrat persistence rat stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot6062190835:AAFarBYBv-mQ3aLxNEnTAnblGK2thSsO8vQ/sendMessage?chat_id=1891775258

Targets

- Target
  
  36b6d1ea82820b0b1675694e3b78bd3e9de13b63e499dcc938fdac27302e57f8.exe
- Size
  
  924KB
- MD5
  
  91d746da30c1d26be52dc2fa20041e24
- SHA1
  
  88352a9821c7514e4a98d5feca3023f333889019
- SHA256
  
  36b6d1ea82820b0b1675694e3b78bd3e9de13b63e499dcc938fdac27302e57f8
- SHA512
  
  edee8656aa9b359aabe3622685bc46e32056f0e67fcd2cf6f7570800ab5ae8d792aa73a695132f14cff635cd4c30a7e9e4e87cd471450d9d99073e9cad9c1068
- SSDEEP
  
  24576:mUNz9YzLaNbzwkzvqNGuEnpTywl+fCNJ8vqb:xmLUwgvAGuEh6fCY
Score

10^/10

darkcloud zgrat persistence rat stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcloudzgratpersistenceratstealer

behavioral2

darkcloudzgratpersistenceratstealer

© 2018-2024

Terms | Privacy