darkcloud | 6b8a4c3d4a4a0a3aea50037744c5fec26a38d3fb6a596d006457f1c51bbc75c7 | Triage

Submit
Reports

Overview

overview

Static

static

1

AprilNewOrder.js

windows10-2004-x64

Sharing

General

Target

AprilNewOrder.js
Size

2KB
Sample

250403-jyx6pasyaw
MD5

07151504178ba40a7d393a217ca6e169
SHA1

592662fe8699669abbed3e29d4b9f784ae22a0c9
SHA256

6b8a4c3d4a4a0a3aea50037744c5fec26a38d3fb6a596d006457f1c51bbc75c7
SHA512

99ac2e98d003321fd6f20de14fe6c0fc16a5f716d257b6266e1b6b3ffd7ebf5eaac6234509ea694b1ed5094cc720e852fd37806331cac7922f25427c8c16ded1

Score

10^/10

darkcloud discovery execution stealer

Static task

static1

Behavioral task

behavioral1

Sample

AprilNewOrder.js

Resource

win10v2004-20250313-en

darkcloud discovery execution stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

darkcloud

C2

https://api.telegram.org/bot7684022823:AAFw0jHSu-b4qs6N7yC88nUOR8ovPrCdIrs/sendMessage?chat_id=6542615755

Targets

- Target
  
  AprilNewOrder.js
- Size
  
  2KB
- MD5
  
  07151504178ba40a7d393a217ca6e169
- SHA1
  
  592662fe8699669abbed3e29d4b9f784ae22a0c9
- SHA256
  
  6b8a4c3d4a4a0a3aea50037744c5fec26a38d3fb6a596d006457f1c51bbc75c7
- SHA512
  
  99ac2e98d003321fd6f20de14fe6c0fc16a5f716d257b6266e1b6b3ffd7ebf5eaac6234509ea694b1ed5094cc720e852fd37806331cac7922f25427c8c16ded1
Score

10^/10

darkcloud discovery execution stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Darkcloud family
  darkcloud
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkclouddiscoveryexecutionstealer

© 2018-2025

Terms | Privacy