darkvision | 93a61c234e788db0e457a4200650cb65eae29963b53e718842857627be362f89 | Triage

Sharing

General

Target

Some Junk Malware - PW NuT3kC5R.zip
Size

361KB
Sample

241203-fl8vwa1ld1
MD5

7dcbd1c548a24c5c95f8f78874dcbb22
SHA1

db3f51d0fa03b2e86d89f8ac65307d7090c08e37
SHA256

93a61c234e788db0e457a4200650cb65eae29963b53e718842857627be362f89
SHA512

7fe6f00e92bb92757c8ae11a9cea574ed1267d2173dcc4dd0fa72ef0c58db3b8d9d2fb73e94a8b3d6de1dee8b469a1ada857114ac82ec126fd66005b296e53b7
SSDEEP

6144:MFOiFTHDy0TjTNPLmIxVLwyXt/FJsVi66ZSlh/wDD0y1zSFDXmtbINRQo:MFXmYZLmOttQ6klhC1wmxQ7

Score

10^/10

darkvision defense_evasion discovery execution persistence rat

Malware Config

Extracted

Family

darkvision

C2

91.92.241.132

Targets

- Target
  
  CraxsR76.bat
- Size
  
  769KB
- MD5
  
  a65ffe9a5a2c4d89bad9b84de0f7ce07
- SHA1
  
  001154c78285312645a1e27f961b588c717f87e7
- SHA256
  
  5299e8eb13c074c3193ee0e8c1586747687964c0944081fc25784e006353ea85
- SHA512
  
  655e9e14f5f0fdeac469b1772f28aec8be5458d9b68b7667a23c18c84a04366a6239154ffaaafb2120261000219ea50003ac6946cbdf2775fee8997e7d13cc9f
- SSDEEP
  
  12288:fIwxBr74Qz56RqQdgN+p1gZVpqFprjL9R85QLFZIiK:V98661gmCv8L785Q5K
Score

10^/10

darkvision defense_evasion discovery persistence rat execution
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Darkvision family
  darkvision
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Deobfuscate/Decode Files or Information
  Payload decoded via CertUtil.
  defense_evasion
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Deobfuscate/Decode Files or Information

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkvisiondefense_evasiondiscoverypersistencerat

behavioral2

darkvisiondefense_evasiondiscoveryexecutionpersistencerat

behavioral3

darkvisiondefense_evasiondiscoveryexecutionpersistencerat

behavioral4

darkvisiondefense_evasiondiscoveryexecutionpersistencerat