darkcloud | 5946bbf5dc0be29cccdd0e66b13d17cf776fc785c9b8d67b06cbb56c85bd5577 | Triage

Submit
Reports

Overview

overview

Static

static

5946bbf5dc...77.exe

windows7-x64

5946bbf5dc...77.exe

windows10-2004-x64

Sharing

General

Target

5946bbf5dc0be29cccdd0e66b13d17cf776fc785c9b8d67b06cbb56c85bd5577.exe
Size

370KB
Sample

240509-byafmade83
MD5

1c33d6d36c82b089cadab786f557f635
SHA1

900fb77fc9a15a0ad823c0dee55754d58869f636
SHA256

5946bbf5dc0be29cccdd0e66b13d17cf776fc785c9b8d67b06cbb56c85bd5577
SHA512

caa98b053a25a7910273cc4792d0e470b7dad927f267c6f182158c946999292e908cf3a5102cb76d05f66a59ecfb727198052e271a144eec60dced37ca8d7d86
SSDEEP

6144:aLnESs/NWtzAME3nW1FKAtYKdTj7y1ZrkniErc8d1/w5KA81IJ8GpF6nuTmOOU:anE/NSAME3nW1FhtYiv7yXYZDjYKkJjx

Score

10^/10

darkcloud stealer

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

5946bbf5dc0be29cccdd0e66b13d17cf776fc785c9b8d67b06cbb56c85bd5577.exe

Resource

win7-20240508-en

darkcloud stealer

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

5946bbf5dc0be29cccdd0e66b13d17cf776fc785c9b8d67b06cbb56c85bd5577.exe

Resource

win10v2004-20240508-en

darkcloud stealer

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot7148308455:AAGrdlRzhjt8mx31-dFYXt4kvhbFnphSlSg/sendMessage?chat_id=6542615755

Targets

- Target
  
  5946bbf5dc0be29cccdd0e66b13d17cf776fc785c9b8d67b06cbb56c85bd5577.exe
- Size
  
  370KB
- MD5
  
  1c33d6d36c82b089cadab786f557f635
- SHA1
  
  900fb77fc9a15a0ad823c0dee55754d58869f636
- SHA256
  
  5946bbf5dc0be29cccdd0e66b13d17cf776fc785c9b8d67b06cbb56c85bd5577
- SHA512
  
  caa98b053a25a7910273cc4792d0e470b7dad927f267c6f182158c946999292e908cf3a5102cb76d05f66a59ecfb727198052e271a144eec60dced37ca8d7d86
- SSDEEP
  
  6144:aLnESs/NWtzAME3nW1FKAtYKdTj7y1ZrkniErc8d1/w5KA81IJ8GpF6nuTmOOU:anE/NSAME3nW1FhtYiv7yXYZDjYKkJjx
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers
- Detects executables using Telegram Chat Bot
- UPX dump on OEP (original entry point)
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

darkcloudstealer

behavioral2

darkcloudstealer

© 2018-2024

Terms | Privacy