darkvision | d5001f35264c4470284bfad49145318d9c68700fe34b7bad8fbdc391500b3eb6 | Triage

Resubmissions

25-11-2024 20:05

241125-yts4hatnbw 10

19-11-2024 09:15

241119-k7462aykbj 10

Sharing

General

Target

d5001f35264c4470284bfad49145318d9c68700fe34b7bad8fbdc391500b3eb6
Size

1.1MB
Sample

241125-yts4hatnbw
MD5

4c99b8a6627bee05a1de8d9061631551
SHA1

4cb8a13eb146431ee6d45d4b8daab7088e9ae5c2
SHA256

d5001f35264c4470284bfad49145318d9c68700fe34b7bad8fbdc391500b3eb6
SHA512

a17a604f3eda7d04dff453ebe3548b25e43c1fe9f0cd9702a75c20cd87ad16adafb1d3edae8f8c886a1b81173a4fbbdec7d5fd009feb3869701e9cb170756b42
SSDEEP

24576:BftC16YGW3ad7jWpZAgcteeJp5uXirVpVwL03E+g1RRN9wVQ:BfYhwd7jkAgc1BrVrPEtRd

Score

10^/10

darkvision rat

Malware Config

Extracted

Family

darkvision

C2

http://fiestagrandefm.com/ss/upload.php

85.209.133.9

Targets

- Target
  
  d5001f35264c4470284bfad49145318d9c68700fe34b7bad8fbdc391500b3eb6
- Size
  
  1.1MB
- MD5
  
  4c99b8a6627bee05a1de8d9061631551
- SHA1
  
  4cb8a13eb146431ee6d45d4b8daab7088e9ae5c2
- SHA256
  
  d5001f35264c4470284bfad49145318d9c68700fe34b7bad8fbdc391500b3eb6
- SHA512
  
  a17a604f3eda7d04dff453ebe3548b25e43c1fe9f0cd9702a75c20cd87ad16adafb1d3edae8f8c886a1b81173a4fbbdec7d5fd009feb3869701e9cb170756b42
- SSDEEP
  
  24576:BftC16YGW3ad7jWpZAgcteeJp5uXirVpVwL03E+g1RRN9wVQ:BfYhwd7jkAgc1BrVrPEtRd
Score

10^/10

darkvision rat
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Darkvision family
  darkvision
- Downloads MZ/PE file
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1