darkvision | bbb59f158a76d0b043c7d050bba4c4ad82b94d383f9db265119a24360d7279e4

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bbb59f158a76d0b043c7d050bba4c4ad82b94d383f9db265119a24360d7279e4.exe
Size

4.1MB
MD5

a3a87410c13cc37b48a9d63d84798a26
SHA1

170685b36ce0c7ca791b80886e88f3955a707527
SHA256

bbb59f158a76d0b043c7d050bba4c4ad82b94d383f9db265119a24360d7279e4
SHA512

1e7071749d1e96674a6a802a6317e7f71350975516f0c75fe0d0f6d987ad5d6db91ff6cba43a8c03117ddaeccc2ac40e97f10f2cba20204a645e9369fb38b543
SSDEEP

49152:0WMGLpZbOwUvMB/gDck3KcbW4gtRt7P7KUV85:1xB/Mt3jW9BP7KUVc

Score

10^/10

darkvision rat

Malware Config

Signatures

DarkVision Rat
DarkVision Rat is a trojan written in C++.
rat darkvision
Darkvision family
darkvision

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	bbb59f158a76d0b043c7d050bba4c4ad82b94d383f9db265119a24360d7279e4.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	bbb59f158a76d0b043c7d050bba4c4ad82b94d383f9db265119a24360d7279e4.exe

C:\Users\Admin\AppData\Local\Temp\bbb59f158a76d0b043c7d050bba4c4ad82b94d383f9db265119a24360d7279e4.exe
"C:\Users\Admin\AppData\Local\Temp\bbb59f158a76d0b043c7d050bba4c4ad82b94d383f9db265119a24360d7279e4.exe"
1⤵
- Checks BIOS information in registry
PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2664-1-0x0000000077B60000-0x0000000077B62000-memory.dmp

Filesize
8KB

Download
memory/2664-0-0x000000013FBD0000-0x000000013FFF0000-memory.dmp

Filesize
4.1MB

Download
memory/2664-3-0x000000013FBD0000-0x000000013FFF0000-memory.dmp

Filesize
4.1MB

Download