darkvision | b8b7b90f809c36e29fe4d072c3ca58fff5333387c5e85baf91b082483518c102 | Triage

Sharing

General

Target

b8b7b90f809c36e29fe4d072c3ca58fff5333387c5e85baf91b082483518c102
Size

604KB
Sample

241025-chn5hssdrr
MD5

96683133ad494eeb2dc33d1c68e02582
SHA1

e10ddd945f7fade315489cc40a5654ba5cb2c672
SHA256

b8b7b90f809c36e29fe4d072c3ca58fff5333387c5e85baf91b082483518c102
SHA512

391ac2ae9f0127931c496edf9b680347edd8dfd970986dbb8e505098e4423693537e0f724cccfed6c6789de170bb540b51d32676f7883a654313dd9009ba7a9b
SSDEEP

6144:yXFFYLsH/0r7Ys1MFNjNIeGVOn0i511Z1VxOBNq5+iZuo3LZoagvYXni4kEIlFJt:yLYgHsg5F0I11Z1pHbZv4u6lFuo

Score

10^/10

darkvision discovery persistence rat

Malware Config

Extracted

Family

darkvision

C2

82.147.85.218

Targets

- Target
  
  b8b7b90f809c36e29fe4d072c3ca58fff5333387c5e85baf91b082483518c102
- Size
  
  604KB
- MD5
  
  96683133ad494eeb2dc33d1c68e02582
- SHA1
  
  e10ddd945f7fade315489cc40a5654ba5cb2c672
- SHA256
  
  b8b7b90f809c36e29fe4d072c3ca58fff5333387c5e85baf91b082483518c102
- SHA512
  
  391ac2ae9f0127931c496edf9b680347edd8dfd970986dbb8e505098e4423693537e0f724cccfed6c6789de170bb540b51d32676f7883a654313dd9009ba7a9b
- SSDEEP
  
  6144:yXFFYLsH/0r7Ys1MFNjNIeGVOn0i511Z1VxOBNq5+iZuo3LZoagvYXni4kEIlFJt:yLYgHsg5F0I11Z1pHbZv4u6lFuo
Score

10^/10

darkvision discovery persistence rat
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkvisiondiscoverypersistencerat

behavioral2

darkvisiondiscoverypersistencerat