Description
DarkVNC is a malicious version of the famous VNC software.
fe9462599a08f62eb6d8035dd453fad7
General
Target
Size
Sample
fe9462599a08f62eb6d8035dd453fad7
579KB
211223-pyg3csafal
Score
10 /10
MD5
SHA1
SHA256
SHA512
fe9462599a08f62eb6d8035dd453fad7
6fdf760e3768ab2797ccd271f59a48abb8b7a6bd
0531cae688e34d09b9a7da4e5f50cedaf854d47e7d15eae958cd569a1ecf0b55
6de9d4fa81af0bd904bc1b88339a62a4e2f46dd7575771f68e42dd77389cf96907f6af1dbbe1bf2e4e5a1e7d4cbeb4dc7cf5af23b9bde187759c405f1127ea5c
Malware Config
Targets
Target
MD5
Filesize
fe9462599a08f62eb6d8035dd453fad7
fe9462599a08f62eb6d8035dd453fad7
579KB
Score
10/10
SHA1
SHA256
SHA512
6fdf760e3768ab2797ccd271f59a48abb8b7a6bd
0531cae688e34d09b9a7da4e5f50cedaf854d47e7d15eae958cd569a1ecf0b55
6de9d4fa81af0bd904bc1b88339a62a4e2f46dd7575771f68e42dd77389cf96907f6af1dbbe1bf2e4e5a1e7d4cbeb4dc7cf5af23b9bde187759c405f1127ea5c
Tags
Signatures
-
DarkVNC
-
Modifies system executable filetype association
Tags
TTPs
-
Neshta
Description
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
Tags
-
DarkVNC Payload
Tags
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks