darkvision | 5159d8e2d07c08e4280c303b1a74c93efb3129348e381c3bb0656f6abaf2d3b1 | Triage

Analysis

max time kernel
149s
max time network
154s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
07-12-2024 11:11

Sharing

Report Analysis Logs

General

Target

STUB.exe
Size

276KB
MD5

31b8cb9b5e6856908ab3d5d138f6a7b0
SHA1

bad93dd87c7863a95e1ae79135bd9f8f78228f13
SHA256

5159d8e2d07c08e4280c303b1a74c93efb3129348e381c3bb0656f6abaf2d3b1
SHA512

fd30b645368ff6f91c875db93c788e6dd7453d19f04dd7d8bffb12ddcee8d587dacea7aefda4e2638ff8161ad3deca3b0e6997ca3e2bb98318f070e163fcd1ec
SSDEEP

3072:rrDyh1bdjkWxF/1PVg88WRhgEr1yNhT2xE/3MW7o4+W95nB35Epr1R:uhhJDFgX3Er8PTAE/3JR5Za

Score

10^/10

darkvision rat

Malware Config

Signatures

DarkVision Rat
DarkVision Rat is a trojan written in C++.
rat darkvision
Darkvision family
darkvision

Executes dropped EXE 1 IoCs

pid	Process
1728	serber.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4932	STUB.exe
4932	STUB.exe
4932	STUB.exe
4932	STUB.exe
1728	serber.exe
1728	serber.exe
1728	serber.exe
1728	serber.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4932	STUB.exe
Token: SeDebugPrivilege	1728	serber.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 1728	4932	STUB.exe	81
PID 4932 wrote to memory of 1728	4932	STUB.exe	81

C:\Users\Admin\AppData\Local\Temp\STUB.exe
"C:\Users\Admin\AppData\Local\Temp\STUB.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4932
- C:\ProgramData\srv dir\serber.exe
  "C:\ProgramData\srv dir\serber.exe" {93E22229-04A8-4123-9564-D3619CF9015B}
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\srv dir\serber.exe

Filesize
276KB

MD5
31b8cb9b5e6856908ab3d5d138f6a7b0

SHA1
bad93dd87c7863a95e1ae79135bd9f8f78228f13

SHA256
5159d8e2d07c08e4280c303b1a74c93efb3129348e381c3bb0656f6abaf2d3b1

SHA512
fd30b645368ff6f91c875db93c788e6dd7453d19f04dd7d8bffb12ddcee8d587dacea7aefda4e2638ff8161ad3deca3b0e6997ca3e2bb98318f070e163fcd1ec

Download Submit