
DarkCloud Uses Fileless Techniques Turning into a Nightmare for Windows

Amber | Attack Report

DarkCloud, a Windows-based information stealer first detected in 2022, resurfaced in 2025 with new delivery and obfuscation tactics, including ConfuserEx-protected files and a VB6 payload. Spread mainly via phishing emails with malicious RAR attachments, it uses JavaScript and PowerShell to deploy a fileless .NET DLL, gain persistence, and inject its payload into MSBuild.exe, stealing browser credentials and payment data for exfiltration via FTP or SMTP.
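
A detection sketch for the chain summarized above, added here as an example and not taken from the advisory: it flags a script host launching PowerShell, MSBuild.exe started by a parent outside an allowlist, and MSBuild.exe connecting out on FTP or SMTP ports. The event schema, host names, sample events and the parent allowlist are assumptions constructed for illustration, as is the premise that the injected MSBuild.exe is the process that performs the exfiltration.

```python
# Simplified detection over process and network telemetry.
# The schema below is hypothetical, not a real EDR or Sysmon format.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
FTP_SMTP_PORTS = {21, 25, 465, 587}  # FTP control, SMTP, SMTPS, mail submission
BUILD_PARENTS = {"devenv.exe", "dotnet.exe", "msbuild.exe"}  # assumed allowlist; tune per site

# Constructed sample events: ws01 follows the described chain, dev02 is a normal build.
EVENTS = [
    {"kind": "proc", "host": "ws01", "image": "wscript.exe", "parent": "explorer.exe"},
    {"kind": "proc", "host": "ws01", "image": "powershell.exe", "parent": "wscript.exe"},
    {"kind": "proc", "host": "ws01", "image": "MSBuild.exe", "parent": "powershell.exe"},
    {"kind": "net", "host": "ws01", "image": "MSBuild.exe", "dport": 587},
    {"kind": "proc", "host": "dev02", "image": "MSBuild.exe", "parent": "devenv.exe"},
    {"kind": "net", "host": "dev02", "image": "MSBuild.exe", "dport": 443},
]


def detect(events):
    """Return (host, rule) findings in event order."""
    findings = []
    for e in events:
        image = e["image"].lower()
        if e["kind"] == "proc":
            parent = e["parent"].lower()
            if image == "powershell.exe" and parent in SCRIPT_HOSTS:
                findings.append((e["host"], "script_host_spawned_powershell"))
            elif image == "msbuild.exe" and parent not in BUILD_PARENTS:
                findings.append((e["host"], "msbuild_unexpected_parent"))
        elif e["kind"] == "net" and image == "msbuild.exe" and e["dport"] in FTP_SMTP_PORTS:
            findings.append((e["host"], "msbuild_ftp_smtp_egress"))
    return findings


def hosts_matching_chain(events, minimum=2):
    """Hosts where at least `minimum` distinct rules fired (higher confidence)."""
    by_host = {}
    for host, rule in detect(events):
        by_host.setdefault(host, set()).add(rule)
    return sorted(h for h, rules in by_host.items() if len(rules) >= minimum)


if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
    print(hosts_matching_chain(EVENTS))
```

Requiring two or more distinct rules per host before alerting keeps a lone MSBuild.exe launch from an unlisted build tool from paging anyone.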
