General

  • Target

    e6e5144ce070b80d64aa6a62bf83668f261c7682323f2c2abecfa343d014203a.exe

  • Size

    4.1MB

  • Sample

    250108-r2z4fswnfk

  • MD5

    29b59242ea878d117e0389094278d0f4

  • SHA1

    b9aa71a9f97f0581d67f5ba23ee12164b4e83bcd

  • SHA256

    e6e5144ce070b80d64aa6a62bf83668f261c7682323f2c2abecfa343d014203a

  • SHA512

    80b1d3b168adef6d9e70f00f835c3f2423c70e6ea52a536bcaed6b70ae7854e4e1e7162f0860b60d55798a59663b1e0a450a5547666ae0185e2e5965a461b586

  • SSDEEP

    49152:BTKkbhzMBKb1I4ggzs4EdmKyHZfLkg6BcixT:7rzsBdaHZzABcix

Malware Config

Extracted

Family

darkvision

C2

powercycle.ddns.net

Targets

    • Target

      e6e5144ce070b80d64aa6a62bf83668f261c7682323f2c2abecfa343d014203a.exe

    • Size

      4.1MB

    • MD5

      29b59242ea878d117e0389094278d0f4

    • SHA1

      b9aa71a9f97f0581d67f5ba23ee12164b4e83bcd

    • SHA256

      e6e5144ce070b80d64aa6a62bf83668f261c7682323f2c2abecfa343d014203a

    • SHA512

      80b1d3b168adef6d9e70f00f835c3f2423c70e6ea52a536bcaed6b70ae7854e4e1e7162f0860b60d55798a59663b1e0a450a5547666ae0185e2e5965a461b586

    • SSDEEP

      49152:BTKkbhzMBKb1I4ggzs4EdmKyHZfLkg6BcixT:7rzsBdaHZzABcix

    • DarkVision Rat

      DarkVision RAT is a remote access trojan written in C++.

    • Darkvision family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks BIOS information in registry

      BIOS information is often read from the registry to detect virtualised or sandboxed environments.

    • Drops startup file

    • Executes dropped EXE
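
The two behaviours flagged above, Defender exclusions added from PowerShell and BIOS identity values read from the registry, as an added triage example that is not part of this report and not code from the DarkVision sample. It scans a constructed, Sysmon-style event trace (the image paths, command line and reading process are hypothetical and invented here) and returns ATT&CK-tagged findings. The cmdlet names, parameter names and registry locations it matches on are the real Windows ones; everything in SAMPLE_EVENTS is made up for illustration.

```python
import re
from dataclasses import dataclass

# Constructed, Sysmon-style event records. They are NOT from the analysed
# sample; image paths, command line and registry reads are hypothetical.
PS_CMD = ("powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "
          "\"Add-MpPreference -ExclusionPath 'C:\\Users\\Public\\svc' "
          "-ExclusionExtension '.exe' -ExclusionProcess 'svchost.exe'\"")
SAMPLE_EVENTS = [
    {"type": "process_create",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": PS_CMD},
    {"type": "registry_query", "image": r"C:\Users\Public\svc\update.exe",
     "key": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "SystemBiosVersion"},
    {"type": "registry_query", "image": r"C:\Users\Public\svc\update.exe",
     "key": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "value": "SystemManufacturer"},
    {"type": "process_create", "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"type": "registry_query", "image": r"C:\Windows\System32\svchost.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "value": "ProductName"},
]

# Add-MpPreference / Set-MpPreference are the Defender cmdlets that add
# exclusions; -ExclusionPath/-ExclusionExtension/-ExclusionProcess are their
# real parameters. Values may be single-quoted, double-quoted or bare.
MPPREF_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
EXCLUSION_RE = re.compile(
    r"-Exclusion(Path|Extension|Process)\s+(?:'([^']*)'|\"([^\"]*)\"|(\S+))",
    re.IGNORECASE)

# Registry locations where Windows exposes BIOS/firmware identity; hypervisor
# and sandbox products leave recognisable vendor strings in these values.
BIOS_KEY_RE = re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?$", re.IGNORECASE)
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate",
               "systemmanufacturer", "systemproductname", "biosvendor", "biosversion"}


@dataclass
class Finding:
    technique: str   # ATT&CK Enterprise technique ID
    image: str       # process that produced the event
    detail: str


def find_defender_exclusions(cmdline):
    """Return [(kind, value), ...] for every Defender exclusion added on cmdline."""
    if not MPPREF_RE.search(cmdline):
        return []
    found = []
    for m in EXCLUSION_RE.finditer(cmdline):
        value = next(g for g in m.groups()[1:] if g is not None)
        found.append((m.group(1).lower(), value))
    return found


def is_bios_registry_read(key, value):
    """True if (key, value) is a read of a BIOS identity value used for VM detection."""
    return bool(BIOS_KEY_RE.match(key)) and value.lower() in BIOS_VALUES


def hunt(events):
    """Scan a list of event dicts and return ATT&CK-tagged findings in trace order."""
    findings = []
    for ev in events:
        if ev["type"] == "process_create":
            # T1562.001 Impair Defenses: Disable or Modify Tools, reached via
            # T1059.001 Command and Scripting Interpreter: PowerShell.
            for kind, value in find_defender_exclusions(ev.get("cmdline", "")):
                findings.append(Finding("T1562.001", ev["image"],
                                        f"Defender exclusion {kind}={value}"))
        elif ev["type"] == "registry_query" and is_bios_registry_read(ev["key"], ev["value"]):
            # T1497.001 Virtualization/Sandbox Evasion: System Checks.
            findings.append(Finding("T1497.001", ev["image"],
                                    f"BIOS identity read {ev['key']}\\{ev['value']}"))
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f.technique, f.image, f.detail)
```

On a live host the first signal comes from process-creation logging (Sysmon Event ID 1) or PowerShell script block logging (Event ID 4104), which also catches the exclusion when it is set from an encoded or downloaded script. The second signal is harder to collect outside a sandbox: Sysmon records registry value writes, key creation and deletion but not reads, so BIOS-value queries are usually only visible in API-level traces such as the one this report was produced from.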

MITRE ATT&CK Enterprise v15

Tasks