darkvision | d9d68a7e91ad17c3db6dd4f00b4ff9a27cc27e3da41f694f444b9514eda3072f | Triage

Sharing

General

Target

fortnite.exe
Size

1.4MB
Sample

241029-yta8payfpd
MD5

7f9573605fc3b7c5a13a4b09118c77e5
SHA1

2541aebb664df60b014a2093232cfd4994a9130c
SHA256

d9d68a7e91ad17c3db6dd4f00b4ff9a27cc27e3da41f694f444b9514eda3072f
SHA512

fce7e4fef0018a50ab7d306571d41bc8f25e6ba55edf6401b82192c25b25e6f9c39002347e5d92dc40c42bf534fb7c13ab7d53c0696ffadaeea82e9618231be1
SSDEEP

24576:HFe/U3CReTrOmfrD10xs76dJKnCjkIL4I9fGzPvW4C30Wemex2ze+9S4:HFeVROf31es7KcnD9RP

Score

10^/10

darkvision defense_evasion execution rat

Malware Config

Extracted

Family

darkvision

C2

154.216.17.115

https://rentry.co/razorrat/rawYDHXBF8ZTF

Targets

- Target
  
  fortnite.exe
- Size
  
  1.4MB
- MD5
  
  7f9573605fc3b7c5a13a4b09118c77e5
- SHA1
  
  2541aebb664df60b014a2093232cfd4994a9130c
- SHA256
  
  d9d68a7e91ad17c3db6dd4f00b4ff9a27cc27e3da41f694f444b9514eda3072f
- SHA512
  
  fce7e4fef0018a50ab7d306571d41bc8f25e6ba55edf6401b82192c25b25e6f9c39002347e5d92dc40c42bf534fb7c13ab7d53c0696ffadaeea82e9618231be1
- SSDEEP
  
  24576:HFe/U3CReTrOmfrD10xs76dJKnCjkIL4I9fGzPvW4C30Wemex2ze+9S4:HFeVROf31es7KcnD9RP
Score

10^/10

darkvision defense_evasion execution rat
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Darkvision family
  darkvision
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkvisiondefense_evasionexecutionrat

behavioral2

darkvisiondefense_evasionexecutionrat