darkcloud | 4be6383083a1700605fa75c4bee66a68ad3d078952a1692e621171ada56a4adc | Triage

Sharing

General

Target

31032025_1454_28032025_factura de pago.tgz
Size

508KB
Sample

250331-r96afassdz
MD5

3f21cbef84229b7c16d3b880f025d2d7
SHA1

f37179d09421ce2324df56264bd60d30e676f08e
SHA256

4be6383083a1700605fa75c4bee66a68ad3d078952a1692e621171ada56a4adc
SHA512

d1b45caa2aaf05075e3af6512498df113ae13953bf90f268f8092e90d6c6ed883c9831f3d1fe109e7ab416d744a50022662b9c80f249f8b2f6a30f53ed690a3f
SSDEEP

12288:deMPwtow0ZjR1Z82k2ITU/NvfI+CHa5/BJnJfquq6g:de9toXXUONvfI+CHYBlkp

Score

10^/10

darkcloud discovery stealer

Malware Config

Extracted

Family

darkcloud

Credentials

Protocol: ftp
Host:
@StrFtpServer
Port:
21
Username:
@StrFtpUser
Password:
@StrFtpPass

Targets

- Target
  
  factura de pago.exe
- Size
  
  710KB
- MD5
  
  ef37cc9579f995f2f594bf5afa9abbc4
- SHA1
  
  e45d95b95fdcc2cc4cd39a0143dc8768e48182a7
- SHA256
  
  cbb5d6740bb58f3b8fe93408fd2fbc968023c121de1089c885a824c5a67e16e6
- SHA512
  
  4939c796abc2ee80dd316a0c8f51dba3566b981222dd98624e2c7015bb8e1aa61a67f69dccacf36999b6fc44dda86d2967b338c8016869223ab00c59961cf83d
- SSDEEP
  
  12288:KIR5x+u6RfbWYCrt/22puGGh6abmMbvZwPO5ICBwu1L8idw0sDn2GVr8DY+31PmE:I3WYatucdvGwu1I4EN+zF+Mt
Score

10^/10

darkcloud discovery stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Darkcloud family
  darkcloud
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkclouddiscoverystealer