darkvnc | 93b96a1511a6f2084db207b831e3e072d8e5a4901592db660d456d10e5f618dd | Triage

Submit
Reports

Overview

overview

Static

static

ce8db50913...4a.exe

windows7_x64

3

ce8db50913...4a.exe

windows10_x64

Sharing

General

Target

ce8db50913eff9d4e600312d7c446b4a
Size

691KB
Sample

211223-knrrlaabbm
MD5

ce8db50913eff9d4e600312d7c446b4a
SHA1

6ed1b7efb1acb82b5856824a66b0a70af319109f
SHA256

93b96a1511a6f2084db207b831e3e072d8e5a4901592db660d456d10e5f618dd
SHA512

74f979d6678ab68b6063b8497f37303d41c0f084ee198d0260fd90fc28aa8a1e1cc55a8bcd65cff7c05338bc93e23b33767efa1d0c8974a1a3039916835d05e4

Score

10^/10

darkvnc neshta redline runpe discovery infostealer persistence rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ce8db50913eff9d4e600312d7c446b4a.exe

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ce8db50913eff9d4e600312d7c446b4a.exe

Resource

win10-en-20211208

darkvnc neshta redline runpe discovery infostealer persistence rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

runpe

C2

142.202.242.172:7667

Targets

- Target
  
  ce8db50913eff9d4e600312d7c446b4a
- Size
  
  691KB
- MD5
  
  ce8db50913eff9d4e600312d7c446b4a
- SHA1
  
  6ed1b7efb1acb82b5856824a66b0a70af319109f
- SHA256
  
  93b96a1511a6f2084db207b831e3e072d8e5a4901592db660d456d10e5f618dd
- SHA512
  
  74f979d6678ab68b6063b8497f37303d41c0f084ee198d0260fd90fc28aa8a1e1cc55a8bcd65cff7c05338bc93e23b33767efa1d0c8974a1a3039916835d05e4
Score

10^/10

darkvnc neshta redline runpe discovery infostealer persistence rat spyware stealer
- DarkVNC
  DarkVNC is a malicious version of the famous VNC software.
  rat darkvnc
- Detect Neshta Payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- DarkVNC Payload
  rat
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkvncneshtaredlinerunpediscoveryinfostealerpersistenceratspywarestealer

© 2018-2025

Terms | Privacy