Analysis
-
max time kernel
149s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
01-01-2025 05:17
General
-
Target
STUB.exe
-
Size
276KB
-
MD5
a5772b2f2d542f4b9c8b470ffc6dc8aa
-
SHA1
1b06cc73448b6ac1cbd9a65d3a7272f498f0d7d6
-
SHA256
0f08beb8660353d377f2ea2ff01264d8c64a7eeb01f29fe91711ab02ead13e47
-
SHA512
5e67d9cc0fda9f87d3b7ea0fd39d9d5130d3b2cd4f0c40a7b2aefe347c7b070f262bb43cb5477c26d01050fedaaa01c9cfa39c64ef3bdd18f6b892a7e8d8503e
-
SSDEEP
3072:rrDyh1bdjkWxF/1PVg88WRhgEr1yNhT2xE/3MW7o4+W95nBkBPV5Epr1R:uhhJDFgX3Er8PTAE/3JR52Va
Score
10/10
Malware Config
Extracted
Family
darkvision
C2
147.185.221.24
Signatures
-
DarkVision Rat
DarkVision Rat is a trojan written in C++.
-
Darkvision family
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\STUB.exe"C:\Users\Admin\AppData\Local\Temp\STUB.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Server\admin.exe"C:\ProgramData\Server\admin.exe" {8CD74CEB-EB0C-4B9F-AB18-236234CBF3C0}2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
276KB
MD5a5772b2f2d542f4b9c8b470ffc6dc8aa
SHA11b06cc73448b6ac1cbd9a65d3a7272f498f0d7d6
SHA2560f08beb8660353d377f2ea2ff01264d8c64a7eeb01f29fe91711ab02ead13e47
SHA5125e67d9cc0fda9f87d3b7ea0fd39d9d5130d3b2cd4f0c40a7b2aefe347c7b070f262bb43cb5477c26d01050fedaaa01c9cfa39c64ef3bdd18f6b892a7e8d8503e