darkcloud | a4e306de360dd28b8d54760139d3b4b9fe5448d6c906ea3ff3bc54b3ab97ea27 | Triage

Sharing

General

Target

a4e306de360dd28b8d54760139d3b4b9fe5448d6c906ea3ff3bc54b3ab97ea27.exe
Size

765KB
Sample

241018-cv1n3s1enh
MD5

01af6ceeff2d2c69112366e4e31343de
SHA1

4eb1e750d996fce10aa04d5fd158a2345609df6a
SHA256

a4e306de360dd28b8d54760139d3b4b9fe5448d6c906ea3ff3bc54b3ab97ea27
SHA512

80bc5ed358722dfee1bab90ba8eb31802104af7d1052e67f69eb9b47587a2652a5d67f6318ca2323de070d043db10789a461ed8af26b7e85304d53f7346a2075
SSDEEP

12288:X1RveBYT43abOCbQaRsydeRhM2I+OEufeLXAtikRw9Jz5fxSd4+zOcOmA4Fn9BOv:X1RWBYIabOCbQaRsWeRhM2HOne6vWPN

Score

10^/10

darkcloud discovery stealer

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot8171626722:AAGIo9PvRpFrmWwamfv0SMURLy1PCYFG9a8/sendMessage?chat_id=6542615755

Targets

- Target
  
  a4e306de360dd28b8d54760139d3b4b9fe5448d6c906ea3ff3bc54b3ab97ea27.exe
- Size
  
  765KB
- MD5
  
  01af6ceeff2d2c69112366e4e31343de
- SHA1
  
  4eb1e750d996fce10aa04d5fd158a2345609df6a
- SHA256
  
  a4e306de360dd28b8d54760139d3b4b9fe5448d6c906ea3ff3bc54b3ab97ea27
- SHA512
  
  80bc5ed358722dfee1bab90ba8eb31802104af7d1052e67f69eb9b47587a2652a5d67f6318ca2323de070d043db10789a461ed8af26b7e85304d53f7346a2075
- SSDEEP
  
  12288:X1RveBYT43abOCbQaRsydeRhM2I+OEufeLXAtikRw9Jz5fxSd4+zOcOmA4Fn9BOv:X1RWBYIabOCbQaRsWeRhM2HOne6vWPN
Score

10^/10

darkcloud discovery stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkclouddiscoverystealer

behavioral2

darkclouddiscoverystealer