darkcloud | f6d9198bd707c49454b83687af926ccb8d13c7e43514f59eac1507467e8fb140 | Triage

Sharing

General

Target

kay.ps1
Size

1.1MB
Sample

250402-pg14xawwh1
MD5

e4f6fbf6b952148147b14df27b48c124
SHA1

b90df42f2218e59097a1df29cf5b8c88bb2e7922
SHA256

f6d9198bd707c49454b83687af926ccb8d13c7e43514f59eac1507467e8fb140
SHA512

9a51f5cf8244a69e46eb554672a213f43e9c9e694f33fdc132d10a7fdfaae20ec98ea3ad767b4afb3f3b6cd4c86531e47bbe36157562d289aaa0d981e823a796
SSDEEP

24576:5lUCJ05z5vh0MAUVQF7CguO9IQjYS3yviPY:5Pqx5+UQ73Q5n

Score

10^/10

darkcloud discovery execution stealer

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot7684022823:AAFw0jHSu-b4qs6N7yC88nUOR8ovPrCdIrs/sendMessage?chat_id=6542615755

Targets

- Target
  
  kay.ps1
- Size
  
  1.1MB
- MD5
  
  e4f6fbf6b952148147b14df27b48c124
- SHA1
  
  b90df42f2218e59097a1df29cf5b8c88bb2e7922
- SHA256
  
  f6d9198bd707c49454b83687af926ccb8d13c7e43514f59eac1507467e8fb140
- SHA512
  
  9a51f5cf8244a69e46eb554672a213f43e9c9e694f33fdc132d10a7fdfaae20ec98ea3ad767b4afb3f3b6cd4c86531e47bbe36157562d289aaa0d981e823a796
- SSDEEP
  
  24576:5lUCJ05z5vh0MAUVQF7CguO9IQjYS3yviPY:5Pqx5+UQ73Q5n
Score

10^/10

darkcloud discovery execution stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Darkcloud family
  darkcloud
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkclouddiscoveryexecutionstealer