Extracted

• • Target

    1e89a629915d0b45d00b5628cfe0b5bca2de6904bea55663fd438248ef90d670.exe

  • Size

    914KB

  • MD5

    79b3cf22206c170f154cbf0cd426cc1d

  • SHA1

    e6713d0bdc8cdd3c150762d62aea06b700556c81

  • SHA256

    1e89a629915d0b45d00b5628cfe0b5bca2de6904bea55663fd438248ef90d670

  • SHA512

    39336a173682521f96ea905c16fb32141898587e97240b648a967c88715c65210675fdb01e6e6ba77baac92933687e4e998c55c044ba9240eff023c1b7db331d

  • SSDEEP

    12288:Sd05O1ec3wSodJFmoVFl748RNtFogOuQ0mE8VCAkxh4hS4f/+0T8JnZHL:S6ueMwvR9dofuQ0mE8VCtZHL

  Score

  10^/10

  darkvisionexecutionrat

  • DarkVision Rat

    DarkVision Rat is a trojan written in C++.

    ratdarkvision

  • Darkvision family

    darkvision

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops startup file

  • Suspicious use of SetThreadContext

  behavioral1behavioral2