General

  • Target

    bbb59f158a76d0b043c7d050bba4c4ad82b94d383f9db265119a24360d7279e4

  • Size

    4.1MB

  • Sample

    241227-sldqyswnhy

  • MD5

    a3a87410c13cc37b48a9d63d84798a26

  • SHA1

    170685b36ce0c7ca791b80886e88f3955a707527

  • SHA256

    bbb59f158a76d0b043c7d050bba4c4ad82b94d383f9db265119a24360d7279e4

  • SHA512

    1e7071749d1e96674a6a802a6317e7f71350975516f0c75fe0d0f6d987ad5d6db91ff6cba43a8c03117ddaeccc2ac40e97f10f2cba20204a645e9369fb38b543

  • SSDEEP

    49152:0WMGLpZbOwUvMB/gDck3KcbW4gtRt7P7KUV85:1xB/Mt3jW9BP7KUVc

Targets

    • Target

      bbb59f158a76d0b043c7d050bba4c4ad82b94d383f9db265119a24360d7279e4

    • DarkVision RAT

      DarkVision RAT is a trojan written in C++.

    • Darkvision family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Executes dropped EXE
