darkcloud | a5fda7ecdbf8971be95a9727a1be2823bb5212c960f0c1d0ececaaf913dfb5bc | Triage

Sharing

General

Target

2025-04-04_4e21913b9926daa21576d2e53ac359d0_black-basta_cobalt-strike_ryuk_satacom
Size

1.9MB
Sample

250404-jvw48asxdy
MD5

4e21913b9926daa21576d2e53ac359d0
SHA1

3dc3bb001d195e37066a194850c8b737fae672b1
SHA256

a5fda7ecdbf8971be95a9727a1be2823bb5212c960f0c1d0ececaaf913dfb5bc
SHA512

f6e75fac5d3ceeb5c9b4290abf34a76fe840fcd7e08bcfabde34ac8504d4884af3f9dd6e612b2da1b7e476988ea7bed6cdeb8c8d408ff47da379f0a48727a956
SSDEEP

24576:wLzHe6s3gANE5KfDj3Dy+HHr8wph++r0WGRKzn09:Gz4m5IzuulF0lRH

Score

10^/10

darkcloud discovery stealer

Malware Config

Extracted

Family

darkcloud

Credentials

Protocol: ftp
Host:
@StrFtpServer
Port:
21
Username:
@StrFtpUser
Password:
@StrFtpPass

Targets

- Target
  
  2025-04-04_4e21913b9926daa21576d2e53ac359d0_black-basta_cobalt-strike_ryuk_satacom
- Size
  
  1.9MB
- MD5
  
  4e21913b9926daa21576d2e53ac359d0
- SHA1
  
  3dc3bb001d195e37066a194850c8b737fae672b1
- SHA256
  
  a5fda7ecdbf8971be95a9727a1be2823bb5212c960f0c1d0ececaaf913dfb5bc
- SHA512
  
  f6e75fac5d3ceeb5c9b4290abf34a76fe840fcd7e08bcfabde34ac8504d4884af3f9dd6e612b2da1b7e476988ea7bed6cdeb8c8d408ff47da379f0a48727a956
- SSDEEP
  
  24576:wLzHe6s3gANE5KfDj3Dy+HHr8wph++r0WGRKzn09:Gz4m5IzuulF0lRH
Score

10^/10

darkcloud discovery stealer
- DarkCloud
  An information stealer written in Visual Basic.
  stealer darkcloud
- Darkcloud family
  darkcloud
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkclouddiscoverystealer