darkcloud | 0e06ab0a31dbb92502a56ad169e710bf336d0c4520d85d0267958908dd01cd8b | Triage

Sharing

General

Target

Teklif 2321-Tecnicas del Cable, S.A-TURKEY---.rar
Size

802KB
Sample

240709-r6bawszhqb
MD5

8fb0aa44e9bc16286404a739718130ee
SHA1

b84abfaa3ddad96bd1d8c1c1da6e711431a256a7
SHA256

0e06ab0a31dbb92502a56ad169e710bf336d0c4520d85d0267958908dd01cd8b
SHA512

c9d8b264cac667cffe103a90f0505eafc4c9337f6c4bb0eb1c49508fdcf8f624292f4012cdfc1575e97580842b05b1ddf2498e6db95fc1a1fc495b895eec7c2d
SSDEEP

12288:NBWkUXCncS3y+YcnAktwvpHTW+X1USFGGTk4LXr24iC6/NnGc+oD4AeJALLyUhAx:NB3Uyh/A4wpa+X19wMkuilGc54AekjF2

Score

10^/10

darkcloud stealer

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot6843160964:AAF3CXe6SpPYlr6PSxsfXFuMMbuXMIkkNtE/sendMessage?chat_id=5302361040

Targets

- Target
  
  Teklif 2321-Tecnicas del Cable, S.A-TURKEY---.exe
- Size
  
  932KB
- MD5
  
  883cf4255f882fe37f4920efede0c744
- SHA1
  
  3bf30fb4585f86f79f97fe54fb94d1cee10bd9ef
- SHA256
  
  5e7b9b88f18be7d07963c53f18b3bf473f5e05ff30817c10538214292ae846f7
- SHA512
  
  49dc64a6e572f48b42cb83373521a7ec9f0e3f04c2d3262d8e5f3db63217705b4219df219392b223f643039546a011ed006cebeae1eef199f1a127e82f8d5588
- SSDEEP
  
  24576:+2SWGLZmVcYR7YJ+5JfGA97nkp8V5j47wnJg:+2RXVcYdYaf7tCEiEnJg
Score

10^/10

darkcloud stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

darkcloudstealer

behavioral2

darkcloudstealer