Eye of the Storm: Analyzing DarkCloud's Latest Capabilities
Sept. 30, 2025, 9:08 a.m.
Description
eSentire's Threat Response Unit detected a spear-phishing campaign targeting a manufacturing customer that attempted to deliver the DarkCloud information-stealing malware. Distributed through a malicious ZIP archive, the malware has undergone significant updates, including a rewrite in VB6 and enhanced evasion techniques. DarkCloud targets a range of data, including browser credentials, keystrokes, FTP credentials, and cryptocurrency wallets, and employs evasion methods designed to defeat sandboxes and hinder analysis by security researchers. It supports multiple exfiltration channels: SMTP, Telegram, FTP, and a web panel. The report provides a detailed technical analysis of DarkCloud's functionality, distribution methods, and evasion techniques.
Tags
Date
- Created: Sept. 29, 2025, 9:34 a.m.
- Published: Sept. 29, 2025, 9:34 a.m.
- Modified: Sept. 30, 2025, 9:08 a.m.
Additional Information
- Manufacturing