darkvision | b9e724730282edffa71360eba20d3d461bdda32ec3445571a27a57ea75ef6c81 | Triage

Sharing

General

Target

BitcoinHunter (infected).zip
Size

147KB
Sample

241203-hcqn2stnax
MD5

cc99c5b1f96fe09ab425a914020006fe
SHA1

2153e5bcb933c2cdd34f8213fd9b2e08a9320990
SHA256

b9e724730282edffa71360eba20d3d461bdda32ec3445571a27a57ea75ef6c81
SHA512

4b2b24396f8a6d48ae1801cf8329db75af05f9deb56a00767e552dcdd5d9efdefa12eadc1c769ab2c45a11fbbe544b65a67515fffcf3617659fe69d82881d9ee
SSDEEP

3072:gCRqpLqES0GqZps40RyNLNvT8Lie4exFVl+TeTQOvPD6JebfJun:gjjS0RZaRyNLlT8L4K8+D68bfJun

Score

10^/10

darkvision persistence rat

Malware Config

Extracted

Family

darkvision

C2

45.200.148.238

Targets

- Target
  
  Hunter.EXE
- Size
  
  453KB
- MD5
  
  f2d7130f55f26b026699f8c21d0aa262
- SHA1
  
  9c9954a10b95900fc4e0696973d1d030b3ec12d6
- SHA256
  
  3024dda41d8c20fe676b52db4308e87d3322446ffc4e3e67f8437a31b436e04a
- SHA512
  
  a0a4745791ed9357e1731d5eb583865670599f0aafa9b3b23dcd486b540462ad61e2649216e6fe57f617129378c0b827ed31970904428abe3605615597506f6e
- SSDEEP
  
  6144:+MdVKz+LuaBM4/1qrbbYTsHYU6Aez8HVWIrJMA:LLXqrH+R+T
Score

10^/10

darkvision persistence rat
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Darkvision family
  darkvision
- Deletes itself
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkvisionpersistencerat