darkvision | bbb59f158a76d0b043c7d050bba4c4ad82b94d383f9db265119a24360d7279e4 | Triage

Sharing

General

Target

bbb59f158a76d0b043c7d050bba4c4ad82b94d383f9db265119a24360d7279e4
Size

4.1MB
Sample

241227-scy1jawqaj
MD5

a3a87410c13cc37b48a9d63d84798a26
SHA1

170685b36ce0c7ca791b80886e88f3955a707527
SHA256

bbb59f158a76d0b043c7d050bba4c4ad82b94d383f9db265119a24360d7279e4
SHA512

1e7071749d1e96674a6a802a6317e7f71350975516f0c75fe0d0f6d987ad5d6db91ff6cba43a8c03117ddaeccc2ac40e97f10f2cba20204a645e9369fb38b543
SSDEEP

49152:0WMGLpZbOwUvMB/gDck3KcbW4gtRt7P7KUV85:1xB/Mt3jW9BP7KUVc

Score

10^/10

darkvision execution rat

Malware Config

Targets

- Target
  
  bbb59f158a76d0b043c7d050bba4c4ad82b94d383f9db265119a24360d7279e4
- Size
  
  4.1MB
- MD5
  
  a3a87410c13cc37b48a9d63d84798a26
- SHA1
  
  170685b36ce0c7ca791b80886e88f3955a707527
- SHA256
  
  bbb59f158a76d0b043c7d050bba4c4ad82b94d383f9db265119a24360d7279e4
- SHA512
  
  1e7071749d1e96674a6a802a6317e7f71350975516f0c75fe0d0f6d987ad5d6db91ff6cba43a8c03117ddaeccc2ac40e97f10f2cba20204a645e9369fb38b543
- SSDEEP
  
  49152:0WMGLpZbOwUvMB/gDck3KcbW4gtRt7P7KUV85:1xB/Mt3jW9BP7KUVc
Score

10^/10

darkvision rat execution
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Darkvision family
  darkvision
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkvisionexecutionrat