darkvision | 6b393d3b18723dc892ebde8229d7e6efc61a8bee71b22fe717e2e1b109eb3976 | Triage

Resubmissions

29-10-2024 16:44

241029-t89ycaxbjn 10

30-07-2024 15:31

240730-sx28pa1bre 8

Sharing

General

Target

USA AND MEXICO MARCH SHIPMENT INQUIRY PROJECT-4205.exe
Size

812KB
Sample

240730-sx28pa1bre
MD5

36a76a95fdf4a51451f8936aada5f03b
SHA1

b6855aef1d5946c050b12764ab4cf02c3c2725c1
SHA256

6b393d3b18723dc892ebde8229d7e6efc61a8bee71b22fe717e2e1b109eb3976
SHA512

550bfd09ace7ca5e223f0e60e032e11dd41dab71ce25477afd114d50f277d67d524915a365ef17b7d6580e213de80d5ffbff35a06f1dc7aa0c397edf644939fe
SSDEEP

12288:55+Hq9mCIVBg0iXlbKai0qtsJdRxG/1uQ2vVfpaDMrJ4raKUmt7W08uBFztgfHr:D+Hq9mBCXlbKassG/oJ9BalOKT7vBjg

Score

10^/10

darkvision execution rat

Malware Config

Extracted

Family

darkvision

C2

http://91.92.252.57/upload.php

https://astrabigzo.store/myfolder/myip.txt

Targets

- Target
  
  USA AND MEXICO MARCH SHIPMENT INQUIRY PROJECT-4205.exe
- Size
  
  812KB
- MD5
  
  36a76a95fdf4a51451f8936aada5f03b
- SHA1
  
  b6855aef1d5946c050b12764ab4cf02c3c2725c1
- SHA256
  
  6b393d3b18723dc892ebde8229d7e6efc61a8bee71b22fe717e2e1b109eb3976
- SHA512
  
  550bfd09ace7ca5e223f0e60e032e11dd41dab71ce25477afd114d50f277d67d524915a365ef17b7d6580e213de80d5ffbff35a06f1dc7aa0c397edf644939fe
- SSDEEP
  
  12288:55+Hq9mCIVBg0iXlbKai0qtsJdRxG/1uQ2vVfpaDMrJ4raKUmt7W08uBFztgfHr:D+Hq9mBCXlbKassG/oJ9BalOKT7vBjg
Score

10^/10

darkvision execution rat
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Darkvision family
  darkvision
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkvisionexecutionrat

behavioral2

darkvisionexecutionrat