darkcloud | ae3fa6dd15af49ed5d518b57189fa9b94a6256080142615bbf0f9accd9afc14a | Triage

Sharing

General

Target

ae3fa6dd15af49ed5d518b57189fa9b94a6256080142615bbf0f9accd9afc14a
Size

402KB
Sample

241119-nak9favdqg
MD5

26f7bf9ac75677f919a89942cb644a91
SHA1

6eab3d6b87ccf8abe98db93ea631c1e722845acd
SHA256

ae3fa6dd15af49ed5d518b57189fa9b94a6256080142615bbf0f9accd9afc14a
SHA512

9e5fa3f6dd14186929de18dd7f309d67c6a2dfc3bca2c78c77b285f58d7b2f449cadd4e4635591518beb7b340ff10e3296366edd9eb3739b0ddaf3b970e3fb39
SSDEEP

12288:XrL6kXGxltymcfhTYs1yk+KjYKkJj6GmZU:pXp0s13+sYb6nZ

Score

10^/10

darkcloud discovery stealer

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot8136579075:AAGj0tA4jaUAY9OKp-x5cJn4qOrj2emlQuE/sendMessage?chat_id=7309975149

Targets

- Target
  
  ae3fa6dd15af49ed5d518b57189fa9b94a6256080142615bbf0f9accd9afc14a
- Size
  
  402KB
- MD5
  
  26f7bf9ac75677f919a89942cb644a91
- SHA1
  
  6eab3d6b87ccf8abe98db93ea631c1e722845acd
- SHA256
  
  ae3fa6dd15af49ed5d518b57189fa9b94a6256080142615bbf0f9accd9afc14a
- SHA512
  
  9e5fa3f6dd14186929de18dd7f309d67c6a2dfc3bca2c78c77b285f58d7b2f449cadd4e4635591518beb7b340ff10e3296366edd9eb3739b0ddaf3b970e3fb39
- SSDEEP
  
  12288:XrL6kXGxltymcfhTYs1yk+KjYKkJj6GmZU:pXp0s13+sYb6nZ
Score

10^/10

darkcloud discovery stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Darkcloud family
  darkcloud
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkclouddiscoverystealer

behavioral2

darkclouddiscoverystealer