darkcloud | bb07726f228125d0a93d5982715707b7b95039a70a8785103a581d2e6887e172 | Triage

Sharing

General

Target

sample.rar
Size

508KB
Sample

250328-n5fx7sxmt4
MD5

e9b6e24594b6f780650072765fc1999f
SHA1

b44ebd6575e35accd11122a72438ea66cc761080
SHA256

bb07726f228125d0a93d5982715707b7b95039a70a8785103a581d2e6887e172
SHA512

e841cf5807ca47c05c430220ca809715d9c48d0410630081e6b060882a8b71f6cd5cc7151f871cbdb1299c56123a9c0fc5f55b7adb7498a67a74e3b91540d1cb
SSDEEP

12288:OeMPwtow0ZjR1ftfBSSeU/sSfXHCGaGFaK4rqVZzLBwmZSzS0:Oe9toXXfj5sSfXHCGvFaHqal

Score

10^/10

darkcloud discovery stealer

Malware Config

Extracted

Family

darkcloud

Credentials

Protocol: ftp
Host:
@StrFtpServer
Port:
21
Username:
@StrFtpUser
Password:
@StrFtpPass

Targets

- Target
  
  Orden de compra N3-13429.exe
- Size
  
  710KB
- MD5
  
  98f66b5b83cf6b73296ff5bec150d103
- SHA1
  
  3bfe4209569287f567e3fbd63982dbce2f8c231d
- SHA256
  
  72487654d06a0b791464085da985978d5c100cffc8439f8b3a9246bcbbb8c4e8
- SHA512
  
  26585d772eed8877450926f7c065dfbbad30eea7137667e552dc36569f71908b127c4c1880a16cff0451bd3ccaa02c9094337fd433c367b03c137cbccb2cc4fa
- SSDEEP
  
  12288:KIR5x+u6RfbWYCrt/22puGGh6abmMbvZwPO5ICGIb1L8idw0sDn2GVqgAlpoI/JM:I3WYatucdvRIb1I4ENZIh7vgt
Score

10^/10

darkcloud discovery stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Darkcloud family
  darkcloud
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkclouddiscoverystealer