darkvision | f1ab614948bc4f083c360d00c8bb928d87d272d0821ae2c9f6428f8851e16c85 | Triage

Sharing

General

Target

STUB.EXE
Size

392KB
Sample

241206-e2wptawlbm
MD5

50719aa63a1675c0603d9631fcc29304
SHA1

1c71c81f8f58372ac6ee0ed6dbda3af8052212d0
SHA256

f1ab614948bc4f083c360d00c8bb928d87d272d0821ae2c9f6428f8851e16c85
SHA512

ee8bcd30f6565a3b9e8191db515a19c93ca37ba37812bb1fbf68ce7351b12bda25dd506f139dba3235aca8fea822e29fca81cae5e9fea7ea0c2ae38ba8702e67
SSDEEP

6144:JhhJDFgX3Er8PTAE/3JR5X1q/PjWlsv4JbGN2n24peFpm:ThlFgX3EruRbqils6MoDqA

Score

10^/10

darkvision persistence rat

Malware Config

Targets

- Target
  
  STUB.EXE
- Size
  
  392KB
- MD5
  
  50719aa63a1675c0603d9631fcc29304
- SHA1
  
  1c71c81f8f58372ac6ee0ed6dbda3af8052212d0
- SHA256
  
  f1ab614948bc4f083c360d00c8bb928d87d272d0821ae2c9f6428f8851e16c85
- SHA512
  
  ee8bcd30f6565a3b9e8191db515a19c93ca37ba37812bb1fbf68ce7351b12bda25dd506f139dba3235aca8fea822e29fca81cae5e9fea7ea0c2ae38ba8702e67
- SSDEEP
  
  6144:JhhJDFgX3Er8PTAE/3JR5X1q/PjWlsv4JbGN2n24peFpm:ThlFgX3EruRbqils6MoDqA
Score

10^/10

darkvision persistence rat
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Darkvision family
  darkvision
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkvisionpersistencerat