MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90ef0dacd3f993a784a8f2d884e065704920db45a5abe639f714306b89a2eef8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DarkVNC


Vendor detections: 7



SHA256 hash: 90ef0dacd3f993a784a8f2d884e065704920db45a5abe639f714306b89a2eef8
SHA3-384 hash: 358102752eb11b1993eebe87b20b47d67e38a2e0833e6a46e8658525544a751fe770031af02f8f5a321fba6d211b6cfe
SHA1 hash: 2cfac136e48e6cf9653da3e1217ba684b8c0049f
MD5 hash: 0a522f39888e083b1e2c010bd8d78b29
humanhash: saturn-lemon-chicken-maryland
File name: 0a522f39888e083b1e2c010bd8d78b29
Signature: DarkVNC
File size: 1'166'336 bytes
First seen: 2021-06-27 22:10:40 UTC
Last seen: 2021-06-27 22:43:06 UTC
File type: Executable exe
MIME type:application/x-dosexec
imphash 125e3e7cc1558104c6c521746bd08b89 (1 x DarkVNC, 1 x Loki)
ssdeep 24576:6PlYpSDdld9SJigUGDuvqmpoDIUDSgCPfiyMIdRVKTlIGD:6RgrmpoEKSgZyM8wL
Threatray 2'253 similar samples on MalwareBazaar
TLSH 19451210B662D035E2FA16F88979936C573D7EB0972464CF63E42BEDA6346D0AC3134B
Reporter zbetcheckin
Tags: 32 DarkVNC exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 121
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 0a522f39888e083b1e2c010bd8d78b29
Verdict: Malicious activity
Analysis date: 2021-06-27 22:11:41 UTC
Tags: trojan danabot
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family: Malicious Packer
Verdict: Malicious

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 84 / 100
Signature:
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)

Threat name: Win32.Ransomware.Stop
Status: Malicious
First seen: 2021-06-27 22:11:17 UTC
AV detection: 13 of 29 (44.83%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Loads dropped DLL
Blocklisted process makes network request

Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DarkVNC

Executable exe 90ef0dacd3f993a784a8f2d884e065704920db45a5abe639f714306b89a2eef8

(this sample)

  
Delivery method: Distributed via web download
