darkcloud | dc7d0f2d1aeddd857b663cc832f9e74e41646e3ac39bf7fc7898eab0c29fff9b | Triage

Submit
Reports

Overview

overview

Static

static

5

RFQ-04-202...09.exe

windows10-2004-x64

Sharing

General

Target

dc7d0f2d1aeddd857b663cc832f9e74e41646e3ac39bf7fc7898eab0c29fff9b
Size

709KB
Sample

250404-dxfbla1nx8
MD5

4081e2093e535471cab84cf2d755f81e
SHA1

aeaa195c41eebe83c8eb44becac3b7b947745789
SHA256

dc7d0f2d1aeddd857b663cc832f9e74e41646e3ac39bf7fc7898eab0c29fff9b
SHA512

5fb946b805cfab0ce6c6b6a7f178247ffb633ea896115e4690a452b4785e8883d20fd47aff42316f7ee5a4ad808fb29096485e44591499d0f7aec7dcad0f3993
SSDEEP

12288:sTGktrXLuxDJKjwRMpkvFx1oBxuzK1xFQ9Gi1Vez2KUBVuOKyHAEVn83BRCAp6Lc:9khuGMRM27KBQzKzAVs2KUDNHAEqxR4A

Score

10^/10

darkcloud discovery stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

RFQ-04-2025-N0 010-9223-613809.exe

Resource

win10v2004-20250314-en

darkcloud discovery stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

darkcloud

Credentials

Protocol: ftp
Host:
ftp.mailo.com
Port:
21
Username:
[email protected]
Password:
Rosemary01@01@!!0404

Targets

- Target
  
  RFQ-04-2025-N0 010-9223-613809.exe
- Size
  
  1.2MB
- MD5
  
  7be434447e850a24388a7a90f1f1c877
- SHA1
  
  dddc1028e5615dceed9f66ba9f598e4da5b1984c
- SHA256
  
  8cb7fc99d1b138e4ebab403634ae627a8b918f92c41621ec409f23cac2c36c90
- SHA512
  
  b30da6300cb99fb2d2774670a45b1001ee458da1447daf0c3610fee3b3479a95ace9bfb162806f0922a76d7db9616c39604f881a7d363ad5992b434d955b2bd8
- SSDEEP
  
  24576:Ru6J33O0c+JY5UZ+XC0kGso6FaH6NyUZqoGMCccPqSaH9WY:Du0c++OCvkGs9FaH6NWoGMCccPnhY
Score

10^/10

darkcloud discovery stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Darkcloud family
  darkcloud
- Drops startup file
- Executes dropped EXE
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkclouddiscoverystealer

© 2018-2025

Terms | Privacy