Eye of the Storm: Analyzing DarkCloud's Latest Capabilities
Essential information
- Published: 29/09/2025 09:34
- Modified: 30/09/2025 09:08
- Tags: 2025-09-29, crypto-wallet targeting, darkcloud, evasion techniques, exfiltration, information stealer, spear-phishing, vb6
- Related entities: 13 techniques (MITRE), 1 malware, 1 others
Description
eSentire's Threat Response Unit detected a spear-phishing campaign targeting a manufacturing customer, attempting to deliver the DarkCloud information-stealing malware. The malware, distributed through a malicious zip archive, has undergone significant updates including a VB6 rewrite and enhanced evasion techniques. DarkCloud targets various data types including browser credentials, keystrokes, FTP credentials, and cryptocurrency wallets. The malware employs sophisticated evasion methods to avoid detection by sandboxes and security researchers. It supports multiple exfiltration methods including SMTP, Telegram, FTP, and Web Panel. The report provides detailed technical analysis of DarkCloud's functionality, distribution methods, and evasion techniques.