Overview
Scores by task:
overview: 10
static: 10
Darkweb RC...ct.dll (windows7-x64): 1
Darkweb RC...ct.dll (windows10-2004-x64): 1
Darkweb RC...ol.exe (windows7-x64): 7
Darkweb RC...ol.exe (windows10-2004-x64): 9
Darkweb RCE/RCE.dll (windows7-x64): 1
Darkweb RCE/RCE.dll (windows10-2004-x64): 1
Darkweb RC...5V.dll (windows7-x64): 1
Darkweb RC...5V.dll (windows10-2004-x64): 1
Darkweb RC...nts.py (windows7-x64): 3
Darkweb RC...nts.py (windows10-2004-x64): 3

General
Target: Darkweb RCE.zip
Size: 77.5MB
Sample: 231230-wzcmladea3

Behavioral tasks
behavioral1: Sample Darkweb RCE/Inject.dll, Resource win7-20231129-en
behavioral2: Sample Darkweb RCE/Inject.dll, Resource win10v2004-20231215-en
behavioral3: Sample Darkweb RCE/RCE Tool.exe, Resource win7-20231215-en
behavioral4: Sample Darkweb RCE/RCE Tool.exe, Resource win10v2004-20231215-en
behavioral5: Sample Darkweb RCE/RCE.dll, Resource win7-20231215-en
behavioral6: Sample Darkweb RCE/RCE.dll, Resource win10v2004-20231215-en
behavioral7: Sample Darkweb RCE/UI.1.65V.dll, Resource win7-20231215-en
behavioral8: Sample Darkweb RCE/UI.1.65V.dll, Resource win10v2004-20231215-en
behavioral9: Sample Darkweb RCE/bin/requirements.py, Resource win7-20231215-en
behavioral10: Sample Darkweb RCE/bin/requirements.py, Resource win10v2004-20231215-en

Malware Config

Targets

Target: Darkweb RCE/Inject.dll
Size: 226KB
Score: 1/10

Target: Darkweb RCE/RCE Tool.exe
Size: 77.0MB
Score: 9/10
Enumerates VirtualBox DLL files
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application

Target: Darkweb RCE/RCE.dll
Size: 24KB
Score: 1/10

Target: Darkweb RCE/UI.1.65V.dll
Size: 236KB
Score: 1/10

Target: Darkweb RCE/bin/requirements.py
Size: 2KB
Score: 3/10

MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
Defense Evasion
  Hide Artifacts: 2
    Hidden Files and Directories: 2
  Modify Registry: 1
  Virtualization/Sandbox Evasion: 1