Overview

overview

10

Static

static

sonic v ki...va.exe

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sonic v kino lanq‮iva.exe

  • Size

    803KB

  • Sample

    220613-v3kxpsdhh7

  • MD5

    a7b16915c0b8e2dd71737ebae5b9a8e8

  • SHA1

    cfafbeb08b6d2379827c69d2f1fa522852d8ce8e

  • SHA256

    be59e12f00679d181237c8a17dc2586a6e3c37f5913d6098cca89999229fa437

  • SHA512

    482090b7ce2860c19bc59ea7c1ee6f2972e26bce398ceee2aff754fb0a8a56129cd48c3cc85ea13e3d6a51379c704362c72c10f79ae313eb58891a0ed0136ee4

Score
10/10
darkcometneshtapersistenceratspywarestealertrojan

Malware Config

Targets

    • Target

      sonic v kino lanq‮iva.exe

    • Size

      803KB

    • MD5

      a7b16915c0b8e2dd71737ebae5b9a8e8

    • SHA1

      cfafbeb08b6d2379827c69d2f1fa522852d8ce8e

    • SHA256

      be59e12f00679d181237c8a17dc2586a6e3c37f5913d6098cca89999229fa437

    • SHA512

      482090b7ce2860c19bc59ea7c1ee6f2972e26bce398ceee2aff754fb0a8a56129cd48c3cc85ea13e3d6a51379c704362c72c10f79ae313eb58891a0ed0136ee4

    Score
    10/10
    darkcometneshtapersistenceratspywarestealertrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Detect Neshta Payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks