General

  • Target

    2025-03-30_ef37cc9579f995f2f594bf5afa9abbc4_black-basta_cobalt-strike_ryuk_satacom

  • Size

    710KB

  • Sample

    250330-tcga6atrw3

  • MD5

    ef37cc9579f995f2f594bf5afa9abbc4

  • SHA1

    e45d95b95fdcc2cc4cd39a0143dc8768e48182a7

  • SHA256

    cbb5d6740bb58f3b8fe93408fd2fbc968023c121de1089c885a824c5a67e16e6

  • SHA512

    4939c796abc2ee80dd316a0c8f51dba3566b981222dd98624e2c7015bb8e1aa61a67f69dccacf36999b6fc44dda86d2967b338c8016869223ab00c59961cf83d

  • SSDEEP

    12288:KIR5x+u6RfbWYCrt/22puGGh6abmMbvZwPO5ICBwu1L8idw0sDn2GVr8DY+31PmE:I3WYatucdvGwu1I4EN+zF+Mt

Malware Config

Extracted

Family

darkcloud

Credentials

  • Protocol:
    ftp
  • Host:
    @StrFtpServer
  • Port:
    21
  • Username:
    @StrFtpUser
  • Password:
    @StrFtpPass

Note: the Host, Username and Password values are unresolved placeholder identifiers (the @Str... names the builder would normally replace), not a live FTP server or account. Treat them as a sign that this build's FTP exfiltration settings were either never populated or were not recovered by the config extractor; do not push them to a blocklist as network indicators.
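The following Python is an added example; it is not part of the sandbox report and is not DarkCloud code. It checks a local copy of the sample against the hashes listed above and splits the extracted config into fields with concrete values and fields that are still unresolved placeholders, so only the former reach a blocklist. The placeholder pattern (an "@" followed by an identifier) is an assumption made here from the three values shown, not a documented DarkCloud config format.

```python
import hashlib
import re

# Digests exactly as listed in the report's General section.
REPORT_HASHES = {
    "md5": "ef37cc9579f995f2f594bf5afa9abbc4",
    "sha1": "e45d95b95fdcc2cc4cd39a0143dc8768e48182a7",
    "sha256": "cbb5d6740bb58f3b8fe93408fd2fbc968023c121de1089c885a824c5a67e16e6",
    "sha512": "4939c796abc2ee80dd316a0c8f51dba3566b981222dd98624e2c7015bb8e1aa6"
              "1a67f69dccacf36999b6fc44dda86d2967b338c8016869223ab00c59961cf83d",
}

# The extracted credentials block as listed in the report.
REPORT_CONFIG = {
    "protocol": "ftp",
    "host": "@StrFtpServer",
    "port": 21,
    "username": "@StrFtpUser",
    "password": "@StrFtpPass",
}

# Assumption (this example's choice): an unresolved build-time placeholder is
# "@" followed by a bare identifier, e.g. "@StrFtpServer".
PLACEHOLDER_RE = re.compile(r"@[A-Za-z_]\w*")


def is_unresolved_placeholder(value) -> bool:
    """True when a config value is a placeholder name rather than real data."""
    return isinstance(value, str) and PLACEHOLDER_RE.fullmatch(value) is not None


def unresolved_fields(config: dict) -> list:
    """Config keys whose value was never substituted by the malware builder."""
    return sorted(k for k, v in config.items() if is_unresolved_placeholder(v))


def actionable_indicators(config: dict) -> dict:
    """Config fields safe to hand to a blocklist: placeholders are dropped."""
    return {k: v for k, v in config.items() if not is_unresolved_placeholder(v)}


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Compare data's digests to expected {algo: hexdigest}; return {algo: bool}."""
    results = {}
    for algo, hexdigest in expected.items():
        h = hashlib.new(algo)
        h.update(data)
        results[algo] = h.hexdigest() == hexdigest.lower()
    return results


def check_file(path: str, expected: dict = REPORT_HASHES) -> bool:
    """True only if every listed digest matches the file on disk."""
    with open(path, "rb") as f:
        data = f.read()
    return all(verify_hashes(data, expected).values())


if __name__ == "__main__":
    print("unresolved:", unresolved_fields(REPORT_CONFIG))
    print("actionable:", actionable_indicators(REPORT_CONFIG))
```

Run `check_file("<path to sample>")` against a copy obtained from the sandbox before relying on the signatures below; a mismatch on any one digest means you are looking at a different file than the one this report describes.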

Targets

    • Target

      2025-03-30_ef37cc9579f995f2f594bf5afa9abbc4_black-basta_cobalt-strike_ryuk_satacom

    • DarkCloud

      An information stealer written in Visual Basic. The credentials block in Malware Config above is this sample's FTP exfiltration configuration.

    • Darkcloud family

    • Suspicious use of SetThreadContext

      Typically seen in process hollowing or other thread-hijacking injection, where the context of a suspended thread is rewritten so that it resumes at code the malware has placed in the process.

MITRE ATT&CK Enterprise v15

Tasks
