General
-
Target
2570_output.vbs
-
Size
421KB
-
Sample
241203-wfhdqssjap
-
MD5
1304afcdfc224427dfe647dd10025628
-
SHA1
54de753563e6a041ca67a90e50c121cd32f2e125
-
SHA256
13f879d486e63ba54d45f500025f13cb63c83956e0493434a67692f3a47cbace
-
SHA512
23dcf2384265354d1596934f5d428df2518a410fd074ac6127c9f6b6ac896472542620966ffe6c39a3e74157f3eb3f09e2d481ee265f969861fcc5f3bbac0506
-
SSDEEP
6144:URCyzWhqzOEHu+s+7e7C8526sSil7tJA1ikRAG9cuyVa8iix6gwXUhkSn:w8hbmbh7uiWct2yVa8ArUhkSn
Static task
static1
Behavioral task
behavioral1
Sample
2570_output.vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2570_output.vbs
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
2570_output.vbs
Score
10/10
-
Darkvision family
-
Blocklisted process makes network request
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops file in System32 directory
-