darkvision | 6b393d3b18723dc892ebde8229d7e6efc61a8bee71b22fe717e2e1b109eb3976 | Triage

Resubmissions

29-10-2024 16:44

241029-t89ycaxbjn 10

30-07-2024 15:31

240730-sx28pa1bre 8

Sharing

General

Target

USA AND MEXICO MARCH SHIPMENT INQUIRY PROJECT-4205.exe
Size

812KB
Sample

241029-t89ycaxbjn
MD5

36a76a95fdf4a51451f8936aada5f03b
SHA1

b6855aef1d5946c050b12764ab4cf02c3c2725c1
SHA256

6b393d3b18723dc892ebde8229d7e6efc61a8bee71b22fe717e2e1b109eb3976
SHA512

550bfd09ace7ca5e223f0e60e032e11dd41dab71ce25477afd114d50f277d67d524915a365ef17b7d6580e213de80d5ffbff35a06f1dc7aa0c397edf644939fe
SSDEEP

12288:55+Hq9mCIVBg0iXlbKai0qtsJdRxG/1uQ2vVfpaDMrJ4raKUmt7W08uBFztgfHr:D+Hq9mBCXlbKassG/oJ9BalOKT7vBjg

Score

10^/10

darkvision execution rat

Malware Config

Extracted

Family

darkvision

C2

http://91.92.252.57/upload.php

https://astrabigzo.store/myfolder/myip.txt

Targets

- Target
  
  USA AND MEXICO MARCH SHIPMENT INQUIRY PROJECT-4205.exe
- Size
  
  812KB
- MD5
  
  36a76a95fdf4a51451f8936aada5f03b
- SHA1
  
  b6855aef1d5946c050b12764ab4cf02c3c2725c1
- SHA256
  
  6b393d3b18723dc892ebde8229d7e6efc61a8bee71b22fe717e2e1b109eb3976
- SHA512
  
  550bfd09ace7ca5e223f0e60e032e11dd41dab71ce25477afd114d50f277d67d524915a365ef17b7d6580e213de80d5ffbff35a06f1dc7aa0c397edf644939fe
- SSDEEP
  
  12288:55+Hq9mCIVBg0iXlbKai0qtsJdRxG/1uQ2vVfpaDMrJ4raKUmt7W08uBFztgfHr:D+Hq9mBCXlbKassG/oJ9BalOKT7vBjg
Score

10^/10

darkvision execution rat
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Darkvision family
  darkvision
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkvisionexecutionrat