darkcloud | 8f3e95019dfd1caa9f174df58f9b8c097e66cb655551c18fe94067f371d9b045 | Triage

Sharing

General

Target

8f3e95019dfd1caa9f174df58f9b8c097e66cb655551c18fe94067f371d9b045.exe
Size

890KB
Sample

250311-emmtcs1wgz
MD5

77f5fec4ab36cbc857af81b4051a205b
SHA1

66faae41226e0d364e6ceaa1fbf5eabb1d5274b3
SHA256

8f3e95019dfd1caa9f174df58f9b8c097e66cb655551c18fe94067f371d9b045
SHA512

41cb4afffd7dfff23701fd861b743dabb8803b4d053ea3e000a5f912887474b3f43c64e1f922d5f814debabe17ef3302951228ce0c6170955dbf72c01105448a
SSDEEP

24576:5MrbZRDq373Q7EQihjBQt0pfH7tHrbXqu1mTM:5MXfOzvjBQt0Zbh

Score

10^/10

darkcloud discovery stealer

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
[email protected]
email_to
[email protected]

Targets

- Target
  
  8f3e95019dfd1caa9f174df58f9b8c097e66cb655551c18fe94067f371d9b045.exe
- Size
  
  890KB
- MD5
  
  77f5fec4ab36cbc857af81b4051a205b
- SHA1
  
  66faae41226e0d364e6ceaa1fbf5eabb1d5274b3
- SHA256
  
  8f3e95019dfd1caa9f174df58f9b8c097e66cb655551c18fe94067f371d9b045
- SHA512
  
  41cb4afffd7dfff23701fd861b743dabb8803b4d053ea3e000a5f912887474b3f43c64e1f922d5f814debabe17ef3302951228ce0c6170955dbf72c01105448a
- SSDEEP
  
  24576:5MrbZRDq373Q7EQihjBQt0pfH7tHrbXqu1mTM:5MXfOzvjBQt0Zbh
Score

10^/10

darkcloud discovery stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Darkcloud family
  darkcloud
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkclouddiscoverystealer

behavioral2

darkclouddiscoverystealer