General

  • Target

    Darkv4.1.zip

  • Size

    44.1MB

  • Sample

    241103-lmzaqa1cne

  • MD5

    f5cb243bcb1233b42f5d838dffa00968

  • SHA1

    51075d1fbf8f3db6be2a02913deddec40bd80831

  • SHA256

    d66534c6318ccb022ec5f66f166059f54726bddf842806cb68e3a264240db16d

  • SHA512

    93e5f5ab521f3838bc392c4491bc8db4da9564e02979c444019de7bb34d6d7f7a3da1e4715d498a7c8fa7e964e3aded2841986449170a32b7dcfcd9396582e75

  • SSDEEP

    786432:expk6rFU/IVnKPQ+0+aee5Ui/JyxFoPZ+YEgLuVy3cj6YyUavF5jBt6PYzNd8tlM:expZqYUM9/UFoP31uGo6cavjBaY0be5p

Malware Config

Targets

    • Target

      Dark.exe

    • Size

      11.4MB

    • MD5

      714e22b30416beb029e11dfeef84fdb7

    • SHA1

      0ab7efd2962ba81c1da8fc37ef33445494ca3508

    • SHA256

      38c73761ba62be47dae4ea5b4a3b639350de8e53dea7cbc3c069d53f38fcd3dc

    • SHA512

      77df34cecf9fb84736d4eac12ffc668ad3bfb7ca80b8b88fa906ad9375525a928dc2e8799a63a93618c96f2b5359e34dacb41b3452bb4f67f24f062c96bcaf44

    • SSDEEP

      196608:N/PFtlvZm2t1VkH85nbe/zJM8usbdq2t6NVMMbO+YohC0fiuPlmepHkXa8M:dFtXN1VkHebe/NM8usdyVK+YUC0ficl4

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Command and Scripting Interpreter: PowerShell

      Executes a command through powershell.exe.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Drops file in System32 directory

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks