Technical Analysis of DarkVNC

DarkVNC is a hidden-VNC utility used for stealthy remote access. It was first advertised in 2016 and received updates until 2017, and it has been used by threat actors associated with IcedID and SolarMarker campaigns. This analysis focuses on a DarkVNC sample whose functionality is exported from vncdll64.dll. The sample generates a unique ID and sends it to the C2 server together with system information. DarkVNC can search for and manipulate windows belonging to the desktop environment, control the state of devices such as the keyboard and mouse, and block user input. It also gathers details about the installed Chrome browser and launches command prompts. Detection and prevention controls such as EDR solutions and user training programs are recommended.
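The behaviours summarised above (a host process loading vncdll64.dll and then launching command prompts) are the kind of telemetry an EDR rule can correlate. The following is an added detection example, not code from the original analysis: it runs over a constructed, simplified set of process-telemetry records (field names modelled loosely on Sysmon ImageLoad/ProcessCreate events and assumed here) and flags any process that loads the module named on the page, plus any cmd.exe spawned by such a process, while leaving a cmd.exe started from explorer.exe alone.

```python
"""Added detection example for DarkVNC-like behaviour (not part of the
original analysis). Correlates two events named in the write-up:
  1. a process loading vncdll64.dll (the DLL the analysed sample exports from)
  2. that same process spawning a command prompt (cmd.exe)
The telemetry format below is an assumption; map it to your EDR's fields.
"""
from typing import Dict, List

# Constructed sample telemetry, ordered as a timeline. Paths and PIDs are
# made up for illustration; only "vncdll64.dll" comes from the analysis.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"event": "ProcessCreate", "pid": "4120",
     "image": r"C:\Windows\explorer.exe",
     "parent_pid": "1000", "parent_image": r"C:\Windows\System32\userinit.exe"},
    {"event": "ImageLoad", "pid": "5212",
     "image": r"C:\Users\Public\update.exe",          # hypothetical loader
     "image_loaded": r"C:\Users\Public\vncdll64.dll"},
    {"event": "ProcessCreate", "pid": "5300",
     "image": r"C:\Windows\System32\cmd.exe",
     "parent_pid": "5212", "parent_image": r"C:\Users\Public\update.exe"},
    {"event": "ProcessCreate", "pid": "5400",        # benign: user-opened shell
     "image": r"C:\Windows\System32\cmd.exe",
     "parent_pid": "4120", "parent_image": r"C:\Windows\explorer.exe"},
    {"event": "ImageLoad", "pid": "4120",
     "image": r"C:\Windows\explorer.exe",
     "image_loaded": r"C:\Windows\System32\shell32.dll"},
]

# Module name taken from the analysis; compared case-insensitively by basename.
SUSPICIOUS_MODULES = {"vncdll64.dll"}


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_darkvnc_indicators(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Scan a timeline of events and return a list of findings.

    Rule 1 (suspicious_module_load): any ImageLoad of a module in
    SUSPICIOUS_MODULES marks the loading PID as an hVNC host candidate.
    Rule 2 (cmd_from_hvnc_host): a later cmd.exe whose parent PID was marked
    by rule 1 is flagged; cmd.exe from other parents is ignored.
    """
    hvnc_hosts: Dict[str, str] = {}   # pid -> image that loaded the module
    findings: List[Dict[str, str]] = []

    for ev in events:
        kind = ev.get("event")
        if kind == "ImageLoad":
            module = basename(ev.get("image_loaded", ""))
            if module in SUSPICIOUS_MODULES:
                hvnc_hosts[ev["pid"]] = ev["image"]
                findings.append({
                    "rule": "suspicious_module_load",
                    "pid": ev["pid"],
                    "image": ev["image"],
                    "module": module,
                })
        elif kind == "ProcessCreate":
            parent = ev.get("parent_pid", "")
            if basename(ev.get("image", "")) == "cmd.exe" and parent in hvnc_hosts:
                findings.append({
                    "rule": "cmd_from_hvnc_host",
                    "pid": ev["pid"],
                    "parent_pid": parent,
                    "parent_image": hvnc_hosts[parent],
                })
    return findings


if __name__ == "__main__":
    for finding in find_darkvnc_indicators(SAMPLE_EVENTS):
        print(finding)
```

Correlating on the parent PID rather than just the image name keeps the benign cmd.exe (spawned by explorer.exe) out of the results; in a real deployment the same two-step logic would be expressed in the EDR's query language over its own field names.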