Overview

overview

10

Static

static

3

6dc5fcbd3d...fb.exe

windows7-x64

1

6dc5fcbd3d...fb.exe

windows10-2004-x64

7

9a29cb7a67...ee.exe

windows7-x64

10

9a29cb7a67...ee.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    darkvision.zip

  • Size

    1.5MB

  • Sample

    241031-r3qw6szfmb

  • MD5

    7ebbc15bcd7ffb54e10ef95d37f91466

  • SHA1

    983f759873248e1cc149dde05272f27cecee7d8d

  • SHA256

    2ef00351268aea7fb093b96a3ed32cbf1128aff405d38c12114ca6e3768b24f3

  • SHA512

    d87dcf90fc7497e139cfb69374e6eb42f022cdc0bc2f575540e6d4782562b056501609b6409587468b4433a488d004639c5e123634f3c3ace5e71e393cdda2e8

  • SSDEEP

    49152:kNu3AfUgDQMWxzqXSLGvYDmw1H7LYEPA2KuwyA:V6nWxzqScY5BLYEPA2KuwT

Score
10/10
darkvisiondiscoverypersistencerat

Malware Config

Extracted

Family

darkvision

C2

185.196.10.235

Targets

    • Target

      6dc5fcbd3d05cb11dc4731aea996c7cbc213253c4d4b119799c5ddedebe537fb

    • Size

      2.4MB

    • MD5

      f01ed03b7a786c24ebd92eab9b441b9d

    • SHA1

      891c8ef7b9ef32e9d4de3ee473186cd4ba66059f

    • SHA256

      6dc5fcbd3d05cb11dc4731aea996c7cbc213253c4d4b119799c5ddedebe537fb

    • SHA512

      a8041c03e9fd9ab1c2bf4bb6fde3948c803b1592e24fdd112387249b83dff0309d14be6d7bdd19a4d1c5fee3b931e45b13c361e38ac15358afa7b82652cf55e4

    • SSDEEP

      24576:VmbfFJN3P6yM97l2cMPdjjy/ZIbRCTtM+UcI6TRq3jUN6DMhQKjyJ9IFz1uXy:k7N3P6ykZ2cmjjalM+E3SMQJW

    Score
    7/10
    persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

    • Target

      9a29cb7a67e1b38987ba886b673cda3f3c67b75e31ab92710d2cabae66881cee

    • Size

      557KB

    • MD5

      1fee73457d19578c9dc03a72f944f16e

    • SHA1

      05c5b0d48f8dbbca576063ddf300d41c990f9e58

    • SHA256

      9a29cb7a67e1b38987ba886b673cda3f3c67b75e31ab92710d2cabae66881cee

    • SHA512

      df3abdd991cc6df6f9268a00a795c0dc47d421cfad55ee850d8f36873ac3d3bf8c0cbe54ebb7f1dbd1d19b35c4e3205e0a9dff5295fbd338ffcf4accc4f47bd2

    • SSDEEP

      12288:deZoq5yV8ceQDTjE3FbgZ2OImBxjItKh5FME:wK8c33jEOZdIwxj

    Score
    10/10
    darkvisiondiscoverypersistencerat

    • DarkVision Rat

      DarkVision Rat is a trojan written in C++.

      ratdarkvision

    • Darkvision family

      darkvision

    • Deletes itself

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks