darkcloud | e35ba541c58803f6ec98109c6e2bcb0dbd1dd65f9f51b1166ede6599928a37f0 | Triage

Sharing

General

Target

29032025_0207_28032025_recibo de pago.tgz
Size

508KB
Sample

250329-cj863sxpy8
MD5

db8106c3e219651d9bce87c109313f4e
SHA1

8bfdba15e8ff19ee97eb999233035e92796ebaad
SHA256

e35ba541c58803f6ec98109c6e2bcb0dbd1dd65f9f51b1166ede6599928a37f0
SHA512

fc52c4156e4f5330743d3a37fe8acd6a359585cd55b42e400bab5e38e8881f812cbf798b8c8d55c97dab22beb291d7bf82ac7828a0d8f156566984b2e9903a3f
SSDEEP

12288:weMPwtow0ZjR1Z82k2ITU/NvfI+CHa5/BJnJfquq6w:we9toXXUONvfI+CHYBlkD

Score

10^/10

darkcloud discovery stealer

Malware Config

Extracted

Family

darkcloud

Credentials

Protocol: ftp
Host:
@StrFtpServer
Port:
21
Username:
@StrFtpUser
Password:
@StrFtpPass

Targets

- Target
  
  recibo de pago.exe
- Size
  
  710KB
- MD5
  
  ef37cc9579f995f2f594bf5afa9abbc4
- SHA1
  
  e45d95b95fdcc2cc4cd39a0143dc8768e48182a7
- SHA256
  
  cbb5d6740bb58f3b8fe93408fd2fbc968023c121de1089c885a824c5a67e16e6
- SHA512
  
  4939c796abc2ee80dd316a0c8f51dba3566b981222dd98624e2c7015bb8e1aa61a67f69dccacf36999b6fc44dda86d2967b338c8016869223ab00c59961cf83d
- SSDEEP
  
  12288:KIR5x+u6RfbWYCrt/22puGGh6abmMbvZwPO5ICBwu1L8idw0sDn2GVr8DY+31PmE:I3WYatucdvGwu1I4EN+zF+Mt
Score

10^/10

darkcloud discovery stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Darkcloud family
  darkcloud
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkclouddiscoverystealer