darkvision | 74e66581cda6b55f9dbfcfe260faec1dad8a38d9fa0c5c2f45e64d16e6a11d4e | Triage

Sharing

General

Target

fortnite.exe
Size

1.4MB
Sample

241029-y1dmdszalp
MD5

5999098b0f0e4e25e826092a7f1e7598
SHA1

76f8454429e4a59e4b7361415a6d62e08207577e
SHA256

74e66581cda6b55f9dbfcfe260faec1dad8a38d9fa0c5c2f45e64d16e6a11d4e
SHA512

7d43edd26d68f5f51478a6e8f75652bf15a9704c89f4d70c6115c51989c9e60a726124c4ddabd5a95917a537b066a0d6ecef3b737492706e82e5493a63ce36c1
SSDEEP

24576:PW0EbEOAkR+9yJgoHqWnKwVIL4I9fGzPvW4C30Wemex2ze+9S:PW0kTdnn9RP

Score

10^/10

darkvision defense_evasion execution rat

Malware Config

Extracted

Family

darkvision

C2

154.216.17.115

https://rentry.co/razorrat/rawYDHXBF8ZTF

Targets

- Target
  
  fortnite.exe
- Size
  
  1.4MB
- MD5
  
  5999098b0f0e4e25e826092a7f1e7598
- SHA1
  
  76f8454429e4a59e4b7361415a6d62e08207577e
- SHA256
  
  74e66581cda6b55f9dbfcfe260faec1dad8a38d9fa0c5c2f45e64d16e6a11d4e
- SHA512
  
  7d43edd26d68f5f51478a6e8f75652bf15a9704c89f4d70c6115c51989c9e60a726124c4ddabd5a95917a537b066a0d6ecef3b737492706e82e5493a63ce36c1
- SSDEEP
  
  24576:PW0EbEOAkR+9yJgoHqWnKwVIL4I9fGzPvW4C30Wemex2ze+9S:PW0kTdnn9RP
Score

10^/10

darkvision defense_evasion execution rat
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Darkvision family
  darkvision
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkvisiondefense_evasionexecutionrat

behavioral2

darkvisiondefense_evasionexecutionrat