darkvision | 9a29cb7a67e1b38987ba886b673cda3f3c67b75e31ab92710d2cabae66881cee | Triage

Sharing

General

Target

9a29cb7a67e1b38987ba886b673cda3f3c67b75e31ab92710d2cabae66881cee
Size

557KB
Sample

241031-rpypvsyjcy
MD5

1fee73457d19578c9dc03a72f944f16e
SHA1

05c5b0d48f8dbbca576063ddf300d41c990f9e58
SHA256

9a29cb7a67e1b38987ba886b673cda3f3c67b75e31ab92710d2cabae66881cee
SHA512

df3abdd991cc6df6f9268a00a795c0dc47d421cfad55ee850d8f36873ac3d3bf8c0cbe54ebb7f1dbd1d19b35c4e3205e0a9dff5295fbd338ffcf4accc4f47bd2
SSDEEP

12288:deZoq5yV8ceQDTjE3FbgZ2OImBxjItKh5FME:wK8c33jEOZdIwxj

Score

10^/10

darkvision discovery persistence rat

Malware Config

Extracted

Family

darkvision

C2

185.196.10.235

Targets

- Target
  
  9a29cb7a67e1b38987ba886b673cda3f3c67b75e31ab92710d2cabae66881cee
- Size
  
  557KB
- MD5
  
  1fee73457d19578c9dc03a72f944f16e
- SHA1
  
  05c5b0d48f8dbbca576063ddf300d41c990f9e58
- SHA256
  
  9a29cb7a67e1b38987ba886b673cda3f3c67b75e31ab92710d2cabae66881cee
- SHA512
  
  df3abdd991cc6df6f9268a00a795c0dc47d421cfad55ee850d8f36873ac3d3bf8c0cbe54ebb7f1dbd1d19b35c4e3205e0a9dff5295fbd338ffcf4accc4f47bd2
- SSDEEP
  
  12288:deZoq5yV8ceQDTjE3FbgZ2OImBxjItKh5FME:wK8c33jEOZdIwxj
Score

10^/10

darkvision discovery persistence rat
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Darkvision family
  darkvision
- Deletes itself
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkvisiondiscoverypersistencerat

behavioral2

darkvisiondiscoverypersistencerat