darkcloud | ff43e418ab0fac587b9f6d19ccbeb59dcd863c9812af96e430573215cb1fc68f | Triage

Submit
Reports

Overview

overview

Static

static

3

rOC13650_PDF.exe

windows10-2004-x64

Sharing

General

Target

rOC13650_PDF.exe
Size

1.9MB
Sample

250402-d24vrazzgv
MD5

52df7e5c0a0ea8ebdc91132d2e3df15d
SHA1

ea3e181fc08863e9ed7a01933c845039f39e7515
SHA256

ff43e418ab0fac587b9f6d19ccbeb59dcd863c9812af96e430573215cb1fc68f
SHA512

4c4f728fb7568c89407c4708266ce99bd95ed405a786a2287bf6581548183354770f5059b0a7ee9b532a753eb6235afbb9b861ab4c6b43bcd33aea9092ce38c4
SSDEEP

24576:OSdQ2Ak+vC2ZfEbpRsnqQ02L8CJn+rvq1I4ENBtWrv/:9F14yTshBI4km

Score

10^/10

darkcloud discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

rOC13650_PDF.exe

Resource

win10v2004-20250314-en

darkcloud discovery stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  rOC13650_PDF.exe
- Size
  
  1.9MB
- MD5
  
  52df7e5c0a0ea8ebdc91132d2e3df15d
- SHA1
  
  ea3e181fc08863e9ed7a01933c845039f39e7515
- SHA256
  
  ff43e418ab0fac587b9f6d19ccbeb59dcd863c9812af96e430573215cb1fc68f
- SHA512
  
  4c4f728fb7568c89407c4708266ce99bd95ed405a786a2287bf6581548183354770f5059b0a7ee9b532a753eb6235afbb9b861ab4c6b43bcd33aea9092ce38c4
- SSDEEP
  
  24576:OSdQ2Ak+vC2ZfEbpRsnqQ02L8CJn+rvq1I4ENBtWrv/:9F14yTshBI4km
Score

10^/10

darkcloud discovery stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Darkcloud family
  darkcloud
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkclouddiscoverystealer

© 2018-2025

Terms | Privacy