user@threatcheck.sh ~ threat-analysis
bash
$ analyze-threat Trojan:Win32/DarkCloud.EALN!MTB
Trojan:Win32/DarkCloud.EALN!MTB - Windows Defender threat signature analysis

Trojan:Win32/DarkCloud.EALN!MTB - Windows Defender Threat Analysis

$ cat analysis.txt
=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:Win32/DarkCloud.EALN!MTB
Classification:
Type:Trojan
Platform:Win32
Family:DarkCloud
Detection Type:Concrete
Known malware family with identified signatures
Variant:EALN
Specific signature variant within the malware family
Suffix:!MTB
Detected via machine learning and behavioral analysis
Detection Method:Behavioral
Confidence:Very High
False-Positive Risk:Low

Concrete signature match: Trojan - Appears legitimate but performs malicious actions for 32-bit Windows platform, family DarkCloud

Summary:

This threat is a Trojan from the DarkCloud malware family, identified by its malicious behavior via machine learning. This malware is designed to steal sensitive information, provide attackers with remote access, and can be used to download additional malicious payloads onto the compromised system.

Severity:
Medium
VDM Static Detection:
No specific strings found for this threat
YARA Rule:
rule Trojan_Win32_DarkCloud_EALN_2147935744_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Win32/DarkCloud.EALN!MTB"
        threat_id = "2147935744"
        type = "Trojan"
        platform = "Win32: Windows 32-bit platform"
        family = "DarkCloud"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_PEHSTR_EXT"
        threshold = "5"
        strings_accuracy = "High"
    strings:
        $x_5_1 = {8b 48 0c 8b 85 28 ff ff ff 8b b5 20 ff ff ff 8a 14 02 32 14 31 8b 45 cc 8b 48 0c 8b 85 18 ff ff ff 88 14 01 c7 45 fc 0b 00 00 00}  //weight: 5, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}
Known malware which is associated with this threat:
Filename: cbaeadcb4717826bb3396d5d9a73cbee387612e7a28c1ab694a45b6d6ed6a54b
cbaeadcb4717826bb3396d5d9a73cbee387612e7a28c1ab694a45b6d6ed6a54b
08/12/2025
VirusTotalDownload Sample
Filename: 67c912690c58265149d585c58180d4ba644f8df15e929afe1cbe7584b87f6ad5
67c912690c58265149d585c58180d4ba644f8df15e929afe1cbe7584b87f6ad5
08/12/2025
VirusTotalDownload Sample
Filename: 4ce622859799a052dd782becc6ff42b238f16501eb5c9044abb7320251ef0e66
4ce622859799a052dd782becc6ff42b238f16501eb5c9044abb7320251ef0e66
08/12/2025
VirusTotalDownload Sample
846fb6d9a84fcb127041d2203f0dab18d838abbce22d597e5b8204f268fabe73
08/11/2025
VirusTotalDownload Sample
Remediation Steps:
Isolate the affected endpoint from the network. Run a full antivirus scan to ensure complete removal of all components. Reset passwords for all accounts that were used on the system and monitor for unauthorized activity.
=== END REPORT ===
$ reanalyze-threat
This analysis was last updated on 08/11/2025. Do you want to analyze it again?
$ ls available-commands/
→ cd /home
user@threatcheck.sh:~$