darkcloud | 8495fddf26cbc9c009f6a93b6a61f5447a8f2d41d574020509c1a72f499140c6 | Triage

Submit
Reports

Overview

overview

Static

static

5

Halkbank E...df.exe

windows10-2004-x64

Sharing

General

Target

Halkbank Ekstre.pdf.exe
Size

1.3MB
Sample

250402-jmqx8stsew
MD5

5e4a8b932d470ecf00cd284e2c5848bd
SHA1

fa0fa4dd24aa8926049ed3d40bf229f3d151bd63
SHA256

8495fddf26cbc9c009f6a93b6a61f5447a8f2d41d574020509c1a72f499140c6
SHA512

29244fd7b26d16cd72fe56e59278272cff61284d3a1b1e0b11dff3bc48d8fd841a7202e691166cfee20f0c7774183de44b77d76bd7b919f557e46d0f3ad00b55
SSDEEP

24576:gu6J33O0c+JY5UZ+XC0kGso6FaVSB6wWDe9xD706TIBOWY:Ku0c++OCvkGs9FaVSBg+xD706TyY

Score

10^/10

darkcloud discovery stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Halkbank Ekstre.pdf.exe

Resource

win10v2004-20250314-en

darkcloud discovery stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

darkcloud

Credentials

Protocol: ftp
Host:
@StrFtpServer
Port:
21
Username:
@StrFtpUser
Password:
@StrFtpPass

Targets

- Target
  
  Halkbank Ekstre.pdf.exe
- Size
  
  1.3MB
- MD5
  
  5e4a8b932d470ecf00cd284e2c5848bd
- SHA1
  
  fa0fa4dd24aa8926049ed3d40bf229f3d151bd63
- SHA256
  
  8495fddf26cbc9c009f6a93b6a61f5447a8f2d41d574020509c1a72f499140c6
- SHA512
  
  29244fd7b26d16cd72fe56e59278272cff61284d3a1b1e0b11dff3bc48d8fd841a7202e691166cfee20f0c7774183de44b77d76bd7b919f557e46d0f3ad00b55
- SSDEEP
  
  24576:gu6J33O0c+JY5UZ+XC0kGso6FaVSB6wWDe9xD706TIBOWY:Ku0c++OCvkGs9FaVSBg+xD706TyY
Score

10^/10

darkcloud discovery stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Darkcloud family
  darkcloud
- Drops startup file
- Executes dropped EXE
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkclouddiscoverystealer

© 2018-2025

Terms | Privacy