darkvision | ccb058d87e0b36a4707237da61542397228f48434616320d0f77d67e6ac82a26 | Triage

Sharing

General

Target

0f2800e7a761d58fc3d25abfce6a7e8e.exe
Size

976KB
Sample

241101-zppqystlbs
MD5

0f2800e7a761d58fc3d25abfce6a7e8e
SHA1

b6a8fa05d5e4c0028fdf61ebab6d4c469936e828
SHA256

ccb058d87e0b36a4707237da61542397228f48434616320d0f77d67e6ac82a26
SHA512

bd22454d9be466c9bda46c5fe6e4da10c0516f0b02187c41d9485ce5a69e6d38dcec21c2759b782aab88b060a9d74c7ec7f335e381b173c9bcbf44d03a51fdc2
SSDEEP

24576:Rv6Lm2aNvVIx22wYGSiz4hNFXtWyDTjBFKzXZB:Rv5NvOcYGSiz4hNDWsTjSP

Score

10^/10

darkvision execution rat

Malware Config

Extracted

Family

darkvision

C2

http://fiestagrandefm.com/ss/upload.php

45.88.91.87

Targets

- Target
  
  0f2800e7a761d58fc3d25abfce6a7e8e.exe
- Size
  
  976KB
- MD5
  
  0f2800e7a761d58fc3d25abfce6a7e8e
- SHA1
  
  b6a8fa05d5e4c0028fdf61ebab6d4c469936e828
- SHA256
  
  ccb058d87e0b36a4707237da61542397228f48434616320d0f77d67e6ac82a26
- SHA512
  
  bd22454d9be466c9bda46c5fe6e4da10c0516f0b02187c41d9485ce5a69e6d38dcec21c2759b782aab88b060a9d74c7ec7f335e381b173c9bcbf44d03a51fdc2
- SSDEEP
  
  24576:Rv6Lm2aNvVIx22wYGSiz4hNFXtWyDTjBFKzXZB:Rv5NvOcYGSiz4hNDWsTjSP
Score

10^/10

darkvision execution rat
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Darkvision family
  darkvision
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkvisionexecutionrat

behavioral2

darkvisionexecutionrat