darkcloud | d3b08f5a5ac2dd9136da86cf6baea1179e5998f153cd1f29284ae2ba4c337639 | Triage

Submit
Reports

Overview

overview

Static

static

3

d3b08f5a5a...39.exe

windows7-x64

3

d3b08f5a5a...39.exe

windows10-2004-x64

Sharing

General

Target

d3b08f5a5ac2dd9136da86cf6baea1179e5998f153cd1f29284ae2ba4c337639.exe
Size

230KB
Sample

240626-b1992awhqd
MD5

bc4ea0de831e420a531c7cebd18ab131
SHA1

5e72f67a00d3146a7153613c4320aa78a91a4c7f
SHA256

d3b08f5a5ac2dd9136da86cf6baea1179e5998f153cd1f29284ae2ba4c337639
SHA512

4ea2175a75c1b76929735b2e3ce639ef6f016e94f1b7e38c61518183d751c7aa771a89b86353fea40a97407e1172b8701ff13d744084478f7b1bf4af2f4c2897
SSDEEP

3072:9r9IGyFzvYZ+zj3FG+9wqY+mhhhmitqOv:rGjYZSQKi

Score

10^/10

darkcloud stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d3b08f5a5ac2dd9136da86cf6baea1179e5998f153cd1f29284ae2ba4c337639.exe

Resource

win7-20231129-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

d3b08f5a5ac2dd9136da86cf6baea1179e5998f153cd1f29284ae2ba4c337639.exe

Resource

win10v2004-20240508-en

darkcloud stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot6686872771:AAGUwkUh0LMB8XwZ6Sv6jR4DHAsdZafImc0/sendMessage?chat_id=6542615755

Targets

- Target
  
  d3b08f5a5ac2dd9136da86cf6baea1179e5998f153cd1f29284ae2ba4c337639.exe
- Size
  
  230KB
- MD5
  
  bc4ea0de831e420a531c7cebd18ab131
- SHA1
  
  5e72f67a00d3146a7153613c4320aa78a91a4c7f
- SHA256
  
  d3b08f5a5ac2dd9136da86cf6baea1179e5998f153cd1f29284ae2ba4c337639
- SHA512
  
  4ea2175a75c1b76929735b2e3ce639ef6f016e94f1b7e38c61518183d751c7aa771a89b86353fea40a97407e1172b8701ff13d744084478f7b1bf4af2f4c2897
- SSDEEP
  
  3072:9r9IGyFzvYZ+zj3FG+9wqY+mhhhmitqOv:rGjYZSQKi
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers
- Detects executables using Telegram Chat Bot
- UPX dump on OEP (original entry point)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

darkcloudstealer

© 2018-2024

Terms | Privacy