General

  • Target

    dd86228f22a372a870efd571580bd2800c79f502a70a9b47aab2bdb10ca5766b.exe

  • Size

    4.0MB

  • Sample

    250111-f8btnawpfz

  • MD5

    247e35b36f1fa7310918e3bf28ce0298

  • SHA1

    3069f557958742358302fcc216f3c80517733c22

  • SHA256

    dd86228f22a372a870efd571580bd2800c79f502a70a9b47aab2bdb10ca5766b

  • SHA512

    d702adb486eeaf270ee0904a5d6ef277025414bf050d392766763b49fa5b675939435913be7e57592757eb6d2c9f5ec93352b0714a1869fc2d71c3cb42f8495f

  • SSDEEP

    49152:GHC3lll91kgrtu/Q+CSj2BUKWXBt1eHx/G039ygNHhPguc:NB1NgnNj2BqX7B03sgNHhl

Malware Config

Extracted

  • Family

    darkvision

  • C2

    powercycle.ddns.net

Targets

    • DarkVision Rat

      DarkVision Rat is a trojan written in C++.

    • Darkvision family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15