Overview

overview

10

Static

static

3

PO690654W2...df.exe

windows7-x64

1

PO690654W2...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    24012025_0045_PO690654W226614626001MLCWHKGH10051950.pdf.exe.iso

  • Size

    468KB

  • Sample

    250124-a4d6bssrem

  • MD5

    23d9889d18283a7ca167160ff20b8e67

  • SHA1

    69ca71dcfd9ffd49e2bd3209241093c69b3fe15a

  • SHA256

    da9761f3f188bfa2208ad076f3f0760e16489add3554cf8e8a9e0a05f09adeb4

  • SHA512

    915bae332cbba736c573d82ffc5229574727aa3099e189c40b067052db7730e5d7cffc468e5dc0e0f3f3dd24247cb218942ad5c393131ac7e14f4b74c2ed109b

  • SSDEEP

    6144:9kQa+PH+Tp7WmgLhjIpPMrfkZTEOIMqbUn9k1ASrznh8bvBO:9La+eWYkfkZgOIMcU9k1ASr9U0

Score
10/10
darkvisionrat

Malware Config

Extracted

Family

darkvision

C2

http://servservserv.freewebhostmost.com/upload.php

Targets

    • Target

      PO690654W226614626001MLCWHKGH10051950.pdf.exe

    • Size

      407KB

    • MD5

      11707e7d4128ffd80fedf1b8e1ced024

    • SHA1

      b012614b4a5ca83156dda6b06951654650d99738

    • SHA256

      cbeab2846912cb969bf80b60693090f0ce20b288f138e70c3d5f7fc1f981b107

    • SHA512

      0c2e7bd02a7ccf53dcfed6067be2a810a239812b0c91cbca2da8d9d33898122c18e8e48e3fe23e007ca394ee2f158c2e68d9c234201c92b97977c2574e68b8e6

    • SSDEEP

      6144:tkQa+PH+Tp7WmgLhjIpPMrfkZTEOIMqbUn9k1ASrznh8bvBO:tLa+eWYkfkZgOIMcU9k1ASr9U0

    Score
    10/10
    darkvisionrat

    • DarkVision Rat

      DarkVision Rat is a trojan written in C++.

      ratdarkvision

    • Darkvision family

      darkvision

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks