darkvnc | dbe884a85be7dce2d3db0efb74b9b3c39f5be64730dcce6f7c9e17acc6e444eb | Triage

Submit
Reports

Overview

overview

Static

static

usfive_202...29.exe

windows7_x64

8

usfive_202...29.exe

windows10_x64

Sharing

General

Target

usfive_20210718-044029
Size

455KB
Sample

210718-wv4v942ayx
MD5

6acecf7a244dbbf26483578e4dc597d5
SHA1

f1a62a55910bd825459ad1fd9b8a4e64f2d7485f
SHA256

dbe884a85be7dce2d3db0efb74b9b3c39f5be64730dcce6f7c9e17acc6e444eb
SHA512

441aef1f9512ab94eeada971d48ec7a56aef061292f0b10880f36f2a8baa9166ff3ad2e4c13aa785d9f6799d694939432d742fd2e627435f021d000ded26c1fe

Score

10^/10

darkvnc discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

usfive_20210718-044029.exe

Resource

win7v20210410

discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

usfive_20210718-044029.exe

Resource

win10v20210410

darkvnc discovery rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  usfive_20210718-044029
- Size
  
  455KB
- MD5
  
  6acecf7a244dbbf26483578e4dc597d5
- SHA1
  
  f1a62a55910bd825459ad1fd9b8a4e64f2d7485f
- SHA256
  
  dbe884a85be7dce2d3db0efb74b9b3c39f5be64730dcce6f7c9e17acc6e444eb
- SHA512
  
  441aef1f9512ab94eeada971d48ec7a56aef061292f0b10880f36f2a8baa9166ff3ad2e4c13aa785d9f6799d694939432d742fd2e627435f021d000ded26c1fe
Score

10^/10

discovery spyware stealer darkvnc rat
- DarkVNC
  DarkVNC is a malicious version of the famous VNC software.
  rat darkvnc
- Suspicious use of NtCreateProcessExOtherParentProcess
- DarkVNC Payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

darkvncdiscoveryratspywarestealer

© 2018-2024

Terms | Privacy