fe9462599a08f62eb6d8035dd453fad7

General

Target: fe9462599a08f62eb6d8035dd453fad7
Size: 579KB
Sample: 211223-pyg3csafal
Score: 10/10
MD5: fe9462599a08f62eb6d8035dd453fad7
SHA1: 6fdf760e3768ab2797ccd271f59a48abb8b7a6bd
SHA256: 0531cae688e34d09b9a7da4e5f50cedaf854d47e7d15eae958cd569a1ecf0b55
SHA512: 6de9d4fa81af0bd904bc1b88339a62a4e2f46dd7575771f68e42dd77389cf96907f6af1dbbe1bf2e4e5a1e7d4cbeb4dc7cf5af23b9bde187759c405f1127ea5c

Signatures

  • DarkVNC

    Description: DarkVNC is a malicious version of the well-known VNC remote-access software.

  • Modifies system executable filetype association

    TTPs: Modify Registry; Change Default File Association

  • Neshta

    Description: Malware from the Neshta family infects other files with copies of itself in order to spread and cause damage.

  • DarkVNC Payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials.

    TTPs: Data from Local System; Credentials in Files

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (tactic columns shown in the report): Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation