General
-
Target
693d0e75117786c05a23a40915b0440e_JaffaCakes118
-
Size
4.3MB
-
Sample
240523-bglsbsfg91
-
MD5
693d0e75117786c05a23a40915b0440e
-
SHA1
d1bd566408d49b3cda734d045e3387ee821c4cac
-
SHA256
4de3c9059ad7bba0d41c6884ecb885638dd0860bc7712f1f6367bb75f4fd2307
-
SHA512
0c3242360589233a9a3da8158cf85d39ac722732ff90421efeb433d72bdd7538dbe1d42e55bfe093df6d33c04ad686a271e1ce89faeea71cf20fddde015c1269
-
SSDEEP
98304:xB2fetOSj4J7+NlNbDrfIwAgCRLtu6a6fAQFdClR0EQ+8t:SfrSHNlNbDrffwu6awSLLQ5t
Static task
static1
Behavioral task
behavioral1
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/IconInjector.dll
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/IconInjector.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Interop.NATUPNPLib.dll
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Interop.NATUPNPLib.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Mono.Cecil.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Mono.Cecil.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/NingaliNET Cracked [VersionPremium].exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/NingaliNET Cracked [VersionPremium].exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/NingaliNET [Original].exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/NingaliNET [Original].exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Plugins/Filebinder.exe
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Plugins/Filebinder.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral13
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Plugins/Server.exe
Resource
win7-20240508-en
Behavioral task
behavioral14
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Plugins/Server.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Plugins/dlentrypoint.exe
Resource
win7-20240215-en
Behavioral task
behavioral16
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Plugins/dlentrypoint.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Plugins/dlnormal.exe
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Plugins/dlnormal.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral19
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Res/res.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Res/res.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/SocketServer.dll
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/SocketServer.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/upnp.dll
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/upnp.dll
Resource
win10v2004-20240426-en
Malware Config
Extracted
darkcomet
A1Client
subdomain-dns.duckdns.org:3725
DC_MUTEX-9WL5KMH
-
gencode: F7b2NJbuPvt9
-
install: false
-
offline_keylogger: true
-
persistence: false
Targets
-
-
Target
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/IconInjector.dll
-
Size
13KB
-
MD5
a011c4d9973857b53c6d26bb616ec7db
-
SHA1
cabb81130a064bf9ca41047205af18ecd456433c
-
SHA256
360b7cb7812529a3902c8adebec8975019454f762200b98ee78213532416f435
-
SHA512
e8085290144e6090918c7bbff20e626f6d7812187f778b9c5705e4710ac589e020ba626c09be43156dcacf846f8571e7690e1e3569d704db3067be365833e6e3
-
SSDEEP
192:jLCpu5cRy2zdtwsYvCZVzQInlYJL/efvnaDNIDLTHqaf+UJxX+3DrDmWcLc9C:jL+pY25OvCpQdqHnq+LTQUmrDmW98
Score 1/10
-
-
Target
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Interop.NATUPNPLib.dll
-
Size
7KB
-
MD5
8a24aa73080b46f93c4c9f3450fe43e5
-
SHA1
ed0d8edf55ea6b0d717813fd829e434eb3d63abb
-
SHA256
e45f7168be51641d43873f90ff538f9f7557755e911dc23783ff6a4028c30c25
-
SHA512
17325bab37fb2a0975ba3e3885a73f235e06f1634124743eca2c2c76e5f2d76fbb751ca8eccecbeef8bb6a9872970e44e6e5847adc54af1cf63dd6f9a5c3b13d
-
SSDEEP
96:CFinj09TiY5IxaUsyKY05YgZsXFn6cQkE8g8nIxqG0tVClW:mGEJIrKrYgZsd6wVIiX
Score 1/10
-
-
Target
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Mono.Cecil.dll
-
Size
305KB
-
MD5
851ec9d84343fbd089520d420348a902
-
SHA1
f8e2a80130058e4db3cf569cf4297d07d05c93e0
-
SHA256
cdadc26c09f869e21053ee1a0acf3b2d11df8edd599fe9c377bd4d3ce1c9cda9
-
SHA512
5e1d1b953fda4a905749eff8c4133a164748ba08c4854348539d335cf53c873eae7c653807a2701bf307693a049ae6c523bd1497a8e659bdea0a71085a58a5f1
-
SSDEEP
6144:ueMQM/aMOZabe3h1PtRjAqmYVNf3yTXcYBbt6KMBhu:uF/aMDb8BtRjA7XcYNclB
Score 1/10
-
-
Target
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/NingaliNET Cracked [VersionPremium].exe
-
Size
2.9MB
-
MD5
451b1dd1b12dbd70f3cf580deae0696d
-
SHA1
81024d91d94c302e85455badb21e3a2e4f694eda
-
SHA256
ade39b5cb7124f165ed933e8e7f45469aebe1bb85cec8aadff7fee8ae99e499e
-
SHA512
7fc86b44a02d47f6b577d93ff81c0ba7239995b2d4f1e02475d963f593d9d2ac6ab451770ab4a7fefc9d440e33eeff494d6274fab66f4033f97bd0bb9a57d802
-
SSDEEP
49152:P4+T1crpOB3pVPnBaTOhm5PbQqKpcYeD4K2CqFXBSLlTJcGXDlp/yBFwvP:xT1crpY5zWOEB4qYeSCq2Ll93YFq
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-
-
-
Target
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/NingaliNET [Original].exe
-
Size
1.4MB
-
MD5
eeda9e3dba1a866465f817af9e7c8212
-
SHA1
b78966eb20fdd1c9b4c22c409b2bb9a9a071d680
-
SHA256
f656b5b6736911a787fc4f3374ff247cfbcb277c7c2945c9c5c462354fea968c
-
SHA512
7a7b008b23d1164cfb851c1dc5aa8545b1a76764c331c41cb7de18647f103ac99b138dd7fad20823c90362e17efa043b5517aa8ba11cb5cf836423ace430eccc
-
SSDEEP
12288:Vtop+3x/jgQV7nXM3bFsatCwCUA0s1G9uaumrnmaR1G9218lgrIh1j:Vf3keatCwCsuGEarjmaGg2G
Score 1/10
-
-
Target
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Plugins/Filebinder.bin
-
Size
14KB
-
MD5
f4c7f8ef90e34c3e9f19d1366db79f03
-
SHA1
3ee1d1fafa5444b376c729279939a64a69caa544
-
SHA256
3ab5e13d7c560937ec3e1f764fb728bc81d22a177c695507065e09ae12d98894
-
SHA512
82246a0b218d2fda14fcb358d5abc58a8d7b3c57cffad22c198f2bfdabc7465848940ef9b6a627a403197bf1a635feb2bec098725f9a2ef91b217f0bb466c78e
-
SSDEEP
384:j6FMwWPfLQV42kuGCy4ju7LRB3u0+L6JOCzYcCe:uFHWPfXCEJvzYcCe
Score 1/10
-
-
Target
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Plugins/Server.bin
-
Size
150KB
-
MD5
8ee6cfa5124a73f0e61d602ea7878863
-
SHA1
fbdff1a9009c2df072d74699f97700ccf2356ce7
-
SHA256
37df8b661f2ac4bf71ff9ef424de495813468294a4d88d682c45da1333859aa4
-
SHA512
da86a1e56e181c03ed7728b0cbbc9c516bdbe130361f2e74364a14d7686e148591dc272c4f5408d3f3f9e1e3d171a32c2af10927f46c0153e1d9b7e0c8997089
-
SSDEEP
3072:VLhz+8pIFc/i3bJ1c2kHWuVx1cep3a9xk9knBq:7z+n3bQHWCx1cepK9xJn
Score 1/10
-
-
Target
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Plugins/dlentrypoint.bin
-
Size
11KB
-
MD5
14960a1079f4ffbfb46f553cfc52ad09
-
SHA1
b3d18ffc2b1120d3a58c04d45bd3a404aceb8af3
-
SHA256
b047352ca4a417181e493c6f353eba94a0fce9d67507dc0f3d694b49b4fce6ef
-
SHA512
2bf999073f35df968d2c9bfc2189dbba163487c7287d1475dde998379bd20969d5140fbff7b6c01f9e7031871342a57ab1b215172bfd15dfac15b025dee0954c
-
SSDEEP
192:03WKyDozynM11XvrKclkpZmGnloYk4ONIDLR7fV0ovpptwiA:03WvooMnXvrKcl+y4u+LR7Zxp6iA
Score 1/10
-
-
Target
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Plugins/dlnormal.bin
-
Size
11KB
-
MD5
2b53e572879a63aaa6ab032221a24d99
-
SHA1
cecfb4dad0d128bc78369aba53839828af223ff1
-
SHA256
0e36c6fbbc68953d2702c3d5f84eeb35912ce9a53aadf467f8df60faf51a7f5e
-
SHA512
327d26775f38f29f462c8a3a9d921ab0d89cf80527acb2ddd539d0842988f93c2cbf335a865cea893ab2a81915a95683cdfd8033f9a357aacbf0b8d3360e8188
-
SSDEEP
192:3d3WKytoFQldQKDFdzG1nvlldKXZmGnloYk46NIDLRKQVuYvpxGBA:N3Wuy7FBGJvl7KJy4q+LRK6lx8A
Score 1/10
-
-
Target
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Res/res.exe
-
Size
861KB
-
MD5
66064dbdb70a5eb15ebf3bf65aba254b
-
SHA1
0284fd320f99f62aca800fb1251eff4c31ec4ed7
-
SHA256
6a94dbda2dd1edcff2331061d65e1baf09d4861cc7ba590c5ec754f3ac96a795
-
SHA512
b05c6c09ae7372c381fba591c3cb13a69a2451b9d38da1a95aac89413d7438083475d06796acb5440cd6ec65b030c9fa6cbdaa0d2fe91a926bae6499c360f17f
-
SSDEEP
24576:o0ESdQpglO1CxDyawn27h+9hrlgKQY9SGcZwCdTp:o0RIglO1CuL9VNcaCd9
Score 1/10
-
-
Target
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/SocketServer.dll
-
Size
15KB
-
MD5
7f57ffb2f3def9388705e078c05f9818
-
SHA1
1632a47a3f5d130d739be02c78cc5a127c2bdde7
-
SHA256
1102f0cb41a876632c5c516da1645973867c77f1cf25ab18a705b33d4f7d1d99
-
SHA512
c25f300838475482f02d1223fd312d1a6f6d42591af8024e9a00f80e9a02621b74fa368ed8db3da08e59bb6c015b86820de0dc14c45a2db8fdaf3dbc438bdda6
-
SSDEEP
384:TdLY3cAoBc+R6V6j5qj1G+LTvYAtKt3rRP:JY36Bc+RzjnA8JrR
Score 1/10
-
-
Target
NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/upnp.dll
-
Size
11KB
-
MD5
ca53e14184fb09ef3294cc4c51e21e04
-
SHA1
0917bb5e295c9bd59ad3b0929bf1ad1f08122a86
-
SHA256
7a915097caf17b3daa528e90d44972306fdfb0f7b46089b4b6332bfb70dcf1ae
-
SHA512
3ee019448aeb0e47ead9395d4edc53573705c95592bb36b26f688e07810f9eab85f551ca8b41048c8e2bea681831dd1d64b368f71023e4d0f423c8632fcb2167
-
SSDEEP
192:hKATtBzEToGAnDZVenlYJL/ertIuLROw6OW+Wv:hKEBQc5t9qBzLR2O1Wv
Score 1/10