darkcloud | b25221859e63fc6bf33c8cfcfb8daed6e4565596df32788b1bb1260c9cd88dcd | Triage

Sharing

General

Target

4.rar
Size

878KB
Sample

250403-ndsspavzbv
MD5

d75f4b18ea427930433577229878f51a
SHA1

435d1d28ecd76c07efff647e346882737923e9c0
SHA256

b25221859e63fc6bf33c8cfcfb8daed6e4565596df32788b1bb1260c9cd88dcd
SHA512

92703b08f856be4d12c79af7087eeadb74e1b0874c4baf094f66a6e52f8970ba122f12505321964483d25c8c3db482e51765917e939d3a6f982f49c2226e2aae
SSDEEP

24576:FFi5sKaBlRrt6ATFbSYst1pyWRDYeV/dCsQJTq4+xSf:FFKsKMlRh6TYsjrRsqCsQ2K

Score

10^/10

darkcloud discovery stealer

Malware Config

Extracted

Family

darkcloud

Credentials

Protocol: ftp
Host:
@StrFtpServer
Port:
21
Username:
@StrFtpUser
Password:
@StrFtpPass

Targets

- Target
  
  factura de pago.exe
- Size
  
  1.9MB
- MD5
  
  4e21913b9926daa21576d2e53ac359d0
- SHA1
  
  3dc3bb001d195e37066a194850c8b737fae672b1
- SHA256
  
  a5fda7ecdbf8971be95a9727a1be2823bb5212c960f0c1d0ececaaf913dfb5bc
- SHA512
  
  f6e75fac5d3ceeb5c9b4290abf34a76fe840fcd7e08bcfabde34ac8504d4884af3f9dd6e612b2da1b7e476988ea7bed6cdeb8c8d408ff47da379f0a48727a956
- SSDEEP
  
  24576:wLzHe6s3gANE5KfDj3Dy+HHr8wph++r0WGRKzn09:Gz4m5IzuulF0lRH
Score

10^/10

darkcloud discovery stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Darkcloud family
  darkcloud
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkclouddiscoverystealer