darkcloud | e243f9678f50e9be30a9a65971da27b36470bb27568707edcb87a06fffb3e99a | Triage

Resubmissions

25-04-2024 04:28

240425-e33vhsfc39 10

04-03-2024 06:29

240304-g81nfsca9t 10

Sharing

General

Target

swift.exe
Size

1016KB
Sample

240425-e33vhsfc39
MD5

7f5c94b5e120641ba60ccad05710eda4
SHA1

2ccff660a2ef669821c62362efbea99e4e238a28
SHA256

e243f9678f50e9be30a9a65971da27b36470bb27568707edcb87a06fffb3e99a
SHA512

4a6ab0856337cb35fc1df956d8a5dadbc82ecb19bc8214db3b8e48f068f7d6544f52bbc2493670b65b56d8bbae0f73021b5d8097401e3ac251401075d8614304
SSDEEP

24576:epO9cxPuT2Vj/wgFXRtl+btB7QVdWfXDE1MIz:epOV6Nz9YbATWvDlI

Score

10^/10

darkcloud stealer

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
info@gtvbedding.com
email_to
info@gtvbedding.com

Targets

- Target
  
  swift.exe
- Size
  
  1016KB
- MD5
  
  7f5c94b5e120641ba60ccad05710eda4
- SHA1
  
  2ccff660a2ef669821c62362efbea99e4e238a28
- SHA256
  
  e243f9678f50e9be30a9a65971da27b36470bb27568707edcb87a06fffb3e99a
- SHA512
  
  4a6ab0856337cb35fc1df956d8a5dadbc82ecb19bc8214db3b8e48f068f7d6544f52bbc2493670b65b56d8bbae0f73021b5d8097401e3ac251401075d8614304
- SSDEEP
  
  24576:epO9cxPuT2Vj/wgFXRtl+btB7QVdWfXDE1MIz:epOV6Nz9YbATWvDlI
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcloudstealer

behavioral2

darkcloudstealer