darkcloud | ff43e418ab0fac587b9f6d19ccbeb59dcd863c9812af96e430573215cb1fc68f | Triage

Sharing

General

Target

2025-04-02_52df7e5c0a0ea8ebdc91132d2e3df15d_black-basta_cobalt-strike_ryuk_satacom
Size

1.9MB
Sample

250402-q9k4tsxwgw
MD5

52df7e5c0a0ea8ebdc91132d2e3df15d
SHA1

ea3e181fc08863e9ed7a01933c845039f39e7515
SHA256

ff43e418ab0fac587b9f6d19ccbeb59dcd863c9812af96e430573215cb1fc68f
SHA512

4c4f728fb7568c89407c4708266ce99bd95ed405a786a2287bf6581548183354770f5059b0a7ee9b532a753eb6235afbb9b861ab4c6b43bcd33aea9092ce38c4
SSDEEP

24576:OSdQ2Ak+vC2ZfEbpRsnqQ02L8CJn+rvq1I4ENBtWrv/:9F14yTshBI4km

Score

10^/10

darkcloud discovery stealer

Malware Config

Extracted

Family

darkcloud

Credentials

Protocol: ftp
Host:
@StrFtpServer
Port:
21
Username:
@StrFtpUser
Password:
@StrFtpPass

Targets

- Target
  
  2025-04-02_52df7e5c0a0ea8ebdc91132d2e3df15d_black-basta_cobalt-strike_ryuk_satacom
- Size
  
  1.9MB
- MD5
  
  52df7e5c0a0ea8ebdc91132d2e3df15d
- SHA1
  
  ea3e181fc08863e9ed7a01933c845039f39e7515
- SHA256
  
  ff43e418ab0fac587b9f6d19ccbeb59dcd863c9812af96e430573215cb1fc68f
- SHA512
  
  4c4f728fb7568c89407c4708266ce99bd95ed405a786a2287bf6581548183354770f5059b0a7ee9b532a753eb6235afbb9b861ab4c6b43bcd33aea9092ce38c4
- SSDEEP
  
  24576:OSdQ2Ak+vC2ZfEbpRsnqQ02L8CJn+rvq1I4ENBtWrv/:9F14yTshBI4km
Score

10^/10

darkcloud discovery stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Darkcloud family
  darkcloud
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkclouddiscoverystealer