darkvision | f24d7ab716eba0c20be61f486f7b87ea4b50bfa51768a4cb0f5ab533d870b21b | Triage

Sharing

General

Target

firsgenec.exe
Size

515KB
Sample

241207-adzdksvnet
MD5

6396fe13c841f397d73a0c43e8e2aa0b
SHA1

60927461048042ad76a48b5011b183b54f42b603
SHA256

f24d7ab716eba0c20be61f486f7b87ea4b50bfa51768a4cb0f5ab533d870b21b
SHA512

658498479e1cad3052371ae6c16751716678f813cf44761a6b46b3af62b8ee98f4b6bb871bb5d52aa2db03eb3c0c85f85186656f929f11ce09f7f72c1f40dc59
SSDEEP

6144:zP6Rv7Lc8O4QwmaYP6pmD0oRS69MDTVH4XsfSe0sBF0SWQDlxot9k2yfH4z4n4k7:SA4r1O6owoRS6ITV1fKIWQDAsTn4kFR

Score

10^/10

darkvision execution rat

Malware Config

Extracted

Family

darkvision

C2

85.115.223.20

Targets

- Target
  
  firsgenec.exe
- Size
  
  515KB
- MD5
  
  6396fe13c841f397d73a0c43e8e2aa0b
- SHA1
  
  60927461048042ad76a48b5011b183b54f42b603
- SHA256
  
  f24d7ab716eba0c20be61f486f7b87ea4b50bfa51768a4cb0f5ab533d870b21b
- SHA512
  
  658498479e1cad3052371ae6c16751716678f813cf44761a6b46b3af62b8ee98f4b6bb871bb5d52aa2db03eb3c0c85f85186656f929f11ce09f7f72c1f40dc59
- SSDEEP
  
  6144:zP6Rv7Lc8O4QwmaYP6pmD0oRS69MDTVH4XsfSe0sBF0SWQDlxot9k2yfH4z4n4k7:SA4r1O6owoRS6ITV1fKIWQDAsTn4kFR
Score

10^/10

darkvision rat execution
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Darkvision family
  darkvision
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkvisionexecutionrat