General
Target: Darkv4.1.zip
Size: 44.1MB
Sample: 241103-lmzaqa1cne
MD5: f5cb243bcb1233b42f5d838dffa00968
SHA1: 51075d1fbf8f3db6be2a02913deddec40bd80831
SHA256: d66534c6318ccb022ec5f66f166059f54726bddf842806cb68e3a264240db16d
SHA512: 93e5f5ab521f3838bc392c4491bc8db4da9564e02979c444019de7bb34d6d7f7a3da1e4715d498a7c8fa7e964e3aded2841986449170a32b7dcfcd9396582e75
SSDEEP: 786432:expk6rFU/IVnKPQ+0+aee5Ui/JyxFoPZ+YEgLuVy3cj6YyUavF5jBt6PYzNd8tlM:expZqYUM9/UFoP31uGo6cavjBaY0be5p
Static task: static1
Behavioral task: behavioral1
  Sample: Dark.exe
  Resource: win11-20241007-en
Malware Config
Targets
Target: Dark.exe
Size: 11.4MB
MD5: 714e22b30416beb029e11dfeef84fdb7
SHA1: 0ab7efd2962ba81c1da8fc37ef33445494ca3508
SHA256: 38c73761ba62be47dae4ea5b4a3b639350de8e53dea7cbc3c069d53f38fcd3dc
SHA512: 77df34cecf9fb84736d4eac12ffc668ad3bfb7ca80b8b88fa906ad9375525a928dc2e8799a63a93618c96f2b5359e34dacb41b3452bb4f67f24f062c96bcaf44
SSDEEP: 196608:N/PFtlvZm2t1VkH85nbe/zJM8usbdq2t6NVMMbO+YohC0fiuPlmepHkXa8M:dFtXN1VkHebe/NM8usdyVK+YUC0ficl4
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Clipboard Data: Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files: Steal credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation: Adversaries may obfuscate content during command execution to impede detection.
- Drops file in System32 directory
- Enumerates processes with tasklist
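The registry and process signatures above (Task Manager and RegEdit disabled via policy values, a Run key added, tasklist enumeration, external IP lookup) can be re-checked on a host's own telemetry. The following is an added example, not code from the sandbox report or from the sample: it runs detection logic over constructed Sysmon-style events (registry value set, process create, DNS query). The policy key `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System` with values `DisableTaskMgr` and `DisableRegistryTools` and the `CurrentVersion\Run` autostart key are standard Windows locations; the IP lookup host list, the user hive SID, the Run value name and the file paths in the sample events are assumptions made for illustration, since the report does not state them.

```python
"""Detection logic for the behaviours listed above, run over constructed
Sysmon-style events. Added example; not code from the sandbox report or the
sample. The event values below are made up for illustration."""
import re

# HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System holds the
# policy values that disable Task Manager and the Registry Editor.
POLICY_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\system"
POLICY_VALUES = {
    "disabletaskmgr": "Disables Task Manager via registry modification",
    "disableregistrytools": "Disables RegEdit via registry modification",
}
# A value written directly under ...\CurrentVersion\Run or \RunOnce.
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\[^\\]+$", re.I
)
# Assumed list: the report does not say which IP lookup service was used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com"}
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-fA-F]+)\)")


def _dword(details):
    """Parse Sysmon's 'DWORD (0x00000001)' rendering; None if not a DWORD."""
    m = DWORD_RE.fullmatch(details.strip())
    return int(m.group(1), 16) if m else None


def _registry_findings(ev):
    target = ev.get("TargetObject", "")
    key, _, value_name = target.rpartition("\\")
    sig = POLICY_VALUES.get(value_name.lower())
    # Only a non-zero value disables the tool; writing 0 re-enables it.
    if sig and key.lower().endswith(POLICY_KEY_SUFFIX) and _dword(ev.get("Details", "")):
        yield sig, target
    if RUN_KEY_RE.search(target):
        yield "Adds Run key to start application", f"{target} = {ev.get('Details', '')}"


def detect(events):
    """Return [{'signature': ..., 'evidence': ...}] for every matching event."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 13:  # Sysmon RegistryEvent (Value Set)
            for sig, evidence in _registry_findings(ev):
                findings.append({"signature": sig, "evidence": evidence})
        elif eid == 1:  # Sysmon ProcessCreate
            image = ev.get("Image", "")
            if image.lower().endswith("\\tasklist.exe"):
                findings.append({"signature": "Enumerates processes with tasklist",
                                 "evidence": ev.get("CommandLine", image)})
        elif eid == 22:  # Sysmon DNSEvent
            host = ev.get("QueryName", "").lower()
            if host in IP_LOOKUP_HOSTS:
                findings.append({"signature": "Looks up external IP address via web service",
                                 "evidence": host})
    return findings


def signature_counts(events):
    """Signature name -> number of matching events."""
    counts = {}
    for f in detect(events):
        counts[f["signature"]] = counts.get(f["signature"], 0) + 1
    return counts


HIVE = r"HKU\S-1-5-21-1-2-3-1001"  # constructed user hive path (assumed SID)
SAMPLE_EVENTS = [  # constructed events, not telemetry from the sample
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
    {"EventID": 13, "TargetObject": HIVE + r"\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "TargetObject": HIVE + r"\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "TargetObject": HIVE + r"\Software\Microsoft\Windows\CurrentVersion\Run\Dark",
     "Details": r"C:\Users\user\AppData\Roaming\Dark.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\tasklist.exe", "CommandLine": "tasklist /fo csv"},
    {"EventID": 22, "QueryName": "api.ipify.org"},
    # Re-enabling Task Manager (value 0) must not fire the signature.
    {"EventID": 13, "TargetObject": HIVE + r"\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000000)"},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f['signature']}: {f['evidence']}")
```

The DWORD check matters in practice: policy values are often cleaned up by writing 0 rather than deleting the value, and a rule that fires on any write to `DisableTaskMgr` will also flag the remediation.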
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Modify Registry (1)
  Obfuscated Files or Information (1)
    Command Obfuscation (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (3)
    Credentials In Files (3)