darkcloud | aa653ad0d107b2d7ab98d4ede0eef147b73fbd7eb2f522f0bf608f833daebe34 | Triage

Sharing

General

Target

aa653ad0d107b2d7ab98d4ede0eef147b73fbd7eb2f522f0bf608f833daebe34.exe
Size

881KB
Sample

250311-tb19yaytat
MD5

768bed9843a8a7c96699b27fc40b8819
SHA1

4ae495c3540252bef39276bf6e9fc84435f7b7bb
SHA256

aa653ad0d107b2d7ab98d4ede0eef147b73fbd7eb2f522f0bf608f833daebe34
SHA512

e23d433ac20532c512d2f2db1badbf4a2e43d2c28ff73553e2de79d82a012dbe1afe81d59bc830f4606ff3b54b08cbbcbd2b6448cdb12a3246ffb4607ac93539
SSDEEP

12288:TfNeE6xIVKGJA1R1MbXgf+GH4oGSlhA8b06JJe4Ii3QOeGiTJyxwC1ht2ddT+:wE6xcA1LMbDqXm8b0iJ7r6cxvE

Score

10^/10

darkcloud discovery execution stealer

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendMessage?chat_id=6732456666

Targets

- Target
  
  aa653ad0d107b2d7ab98d4ede0eef147b73fbd7eb2f522f0bf608f833daebe34.exe
- Size
  
  881KB
- MD5
  
  768bed9843a8a7c96699b27fc40b8819
- SHA1
  
  4ae495c3540252bef39276bf6e9fc84435f7b7bb
- SHA256
  
  aa653ad0d107b2d7ab98d4ede0eef147b73fbd7eb2f522f0bf608f833daebe34
- SHA512
  
  e23d433ac20532c512d2f2db1badbf4a2e43d2c28ff73553e2de79d82a012dbe1afe81d59bc830f4606ff3b54b08cbbcbd2b6448cdb12a3246ffb4607ac93539
- SSDEEP
  
  12288:TfNeE6xIVKGJA1R1MbXgf+GH4oGSlhA8b06JJe4Ii3QOeGiTJyxwC1ht2ddT+:wE6xcA1LMbDqXm8b0iJ7r6cxvE
Score

10^/10

darkcloud discovery execution stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Darkcloud family
  darkcloud
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkclouddiscoveryexecutionstealer