darkcloud | 72550fd7c33582364152ca3da77d807cdb6f06e9e0df7a67a87b42ff10dfeaa9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

statement ...es.exe

windows7-x64

statement ...es.exe

windows10-2004-x64

Sharing

General

Target

statement related to outstanding invoices.rar
Size

792KB
Sample

250312-tx6fsawscz
MD5

5d7e1dc05f5dac9208122f404bebceb7
SHA1

4842cbc0184a0c971ddb4cd503866fa3b1b3be6f
SHA256

72550fd7c33582364152ca3da77d807cdb6f06e9e0df7a67a87b42ff10dfeaa9
SHA512

9b2ab5cf88ac7a90af2eacfcee0f9b051ec072402678096acbce723a15d32a34ccaddda9ecf712cc2b5ea16003dba0d8cdeeb0e891dc0796a3a4bca3b950424a
SSDEEP

24576:091RRNrlo3ldFfTcLqbOMmqH5o/1L34Dqu+ae:Izrlo1Hf71KdLtuje

Score

10^/10

darkcloud discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

statement related to outstanding invoices.exe

Resource

win7-20241010-en

darkcloud discovery stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

statement related to outstanding invoices.exe

Resource

win10v2004-20250217-en

darkcloud discovery stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

darkcloud

Credentials

Protocol: ftp
Host:
@StrFtpServer
Port:
21
Username:
@StrFtpUser
Password:
@StrFtpPass

Targets

- Target
  
  statement related to outstanding invoices.bat
- Size
  
  893KB
- MD5
  
  f2cbbaddb0675bd99c305106ae05ca14
- SHA1
  
  a416708ffdca33fee302a7ec0503c000801a3bd8
- SHA256
  
  5b47ff1c8bb1efc83e426e6c33c217838e822424e0df06564f1ca0670170885c
- SHA512
  
  7723894d81284072bd654fae6780dd0db419341c20202952b9e5cf5720a4b5b6e818b2ffff2976baa58ae939eda0612d35409656a8d6dc74cd27fcb7f512bad3
- SSDEEP
  
  24576:n4l0MSRqgEauL0L1V2FbhfV2kzTbXlAaJuEl4+vode8:n4l0MSRqgEdLS1UrI4lHJZjgI
Score

10^/10

darkcloud discovery stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Darkcloud family
  darkcloud
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkclouddiscoverystealer

behavioral2

darkclouddiscoverystealer

© 2018-2025

Terms | Privacy