Extracted

• • Target

    PO690654W226614626001MLCWHKGH10051950.pdf.exe

  • Size

    407KB

  • MD5

    11707e7d4128ffd80fedf1b8e1ced024

  • SHA1

    b012614b4a5ca83156dda6b06951654650d99738

  • SHA256

    cbeab2846912cb969bf80b60693090f0ce20b288f138e70c3d5f7fc1f981b107

  • SHA512

    0c2e7bd02a7ccf53dcfed6067be2a810a239812b0c91cbca2da8d9d33898122c18e8e48e3fe23e007ca394ee2f158c2e68d9c234201c92b97977c2574e68b8e6

  • SSDEEP

    6144:tkQa+PH+Tp7WmgLhjIpPMrfkZTEOIMqbUn9k1ASrznh8bvBO:tLa+eWYkfkZgOIMcU9k1ASr9U0

  Score

  10^/10

  darkvisionrat

  • DarkVision Rat

    DarkVision Rat is a trojan written in C++.

    ratdarkvision

  • Darkvision family

    darkvision

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Downloads MZ/PE file

  • Drops startup file

  • Suspicious use of SetThreadContext

  behavioral1behavioral2