darkcloud | 11db64f5b588f39af3ac22291693929990e7d2066319020d2763a6b26cc39125 | Triage

Sharing

General

Target

doc_Rfq_TNTM Spareparts TM00002916620 exp_pdf.com.exe
Size

2.0MB
Sample

240625-kr61pazcqf
MD5

9bb451adbe6aefc385b3aebe7dec18ed
SHA1

69e4d183677c260f10022a25a31536790ae4710b
SHA256

11db64f5b588f39af3ac22291693929990e7d2066319020d2763a6b26cc39125
SHA512

71d9073756c5ee9b7c33244dfa3d95dc13c479e67543ffd8ce68dde7194694a469e1473c4c48f95cf00f096cb5303296b485da22a8eeb1781850355e2fe6668e
SSDEEP

49152:TOD+bTI6YTDml4HJPHDQkOBU0f9iygcrxZ3aU5ZAIrRo2ht1L14vk2DlMijg7Ccp:Kv85E+r

Score

10^/10

darkcloud stealer

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
[email protected]
email_to
[email protected]

Targets

- Target
  
  doc_Rfq_TNTM Spareparts TM00002916620 exp_pdf.com.exe
- Size
  
  2.0MB
- MD5
  
  9bb451adbe6aefc385b3aebe7dec18ed
- SHA1
  
  69e4d183677c260f10022a25a31536790ae4710b
- SHA256
  
  11db64f5b588f39af3ac22291693929990e7d2066319020d2763a6b26cc39125
- SHA512
  
  71d9073756c5ee9b7c33244dfa3d95dc13c479e67543ffd8ce68dde7194694a469e1473c4c48f95cf00f096cb5303296b485da22a8eeb1781850355e2fe6668e
- SSDEEP
  
  49152:TOD+bTI6YTDml4HJPHDQkOBU0f9iygcrxZ3aU5ZAIrRo2ht1L14vk2DlMijg7Ccp:Kv85E+r
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

darkcloudstealer

behavioral2

darkcloudstealer