darkvnc | 0531cae688e34d09b9a7da4e5f50cedaf854d47e7d15eae958cd569a1ecf0b55 | Triage

Submit
Reports

Overview

overview

Static

static

fe9462599a...d7.exe

windows7_x64

fe9462599a...d7.exe

windows10_x64

Sharing

General

Target

fe9462599a08f62eb6d8035dd453fad7
Size

579KB
Sample

211223-pyg3csafal
MD5

fe9462599a08f62eb6d8035dd453fad7
SHA1

6fdf760e3768ab2797ccd271f59a48abb8b7a6bd
SHA256

0531cae688e34d09b9a7da4e5f50cedaf854d47e7d15eae958cd569a1ecf0b55
SHA512

6de9d4fa81af0bd904bc1b88339a62a4e2f46dd7575771f68e42dd77389cf96907f6af1dbbe1bf2e4e5a1e7d4cbeb4dc7cf5af23b9bde187759c405f1127ea5c

Score

10^/10

darkvnc neshta persistence rat spyware stealer

Static task

static1

rat darkvnc neshta

Behavioral task

behavioral1

Sample

fe9462599a08f62eb6d8035dd453fad7.exe

Resource

win7-en-20211208

darkvnc neshta persistence rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

fe9462599a08f62eb6d8035dd453fad7.exe

Resource

win10-en-20211208

darkvnc neshta persistence rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  fe9462599a08f62eb6d8035dd453fad7
- Size
  
  579KB
- MD5
  
  fe9462599a08f62eb6d8035dd453fad7
- SHA1
  
  6fdf760e3768ab2797ccd271f59a48abb8b7a6bd
- SHA256
  
  0531cae688e34d09b9a7da4e5f50cedaf854d47e7d15eae958cd569a1ecf0b55
- SHA512
  
  6de9d4fa81af0bd904bc1b88339a62a4e2f46dd7575771f68e42dd77389cf96907f6af1dbbe1bf2e4e5a1e7d4cbeb4dc7cf5af23b9bde187759c405f1127ea5c
Score

10^/10

darkvnc neshta persistence rat spyware stealer
- DarkVNC
  DarkVNC is a malicious version of the famous VNC software.
  rat darkvnc
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- DarkVNC Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

ratdarkvncneshta

behavioral1

darkvncneshtapersistenceratspywarestealer

behavioral2

darkvncneshtapersistenceratspywarestealer

© 2018-2024

Terms | Privacy