Analysis
-
max time kernel
151s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
08-02-2025 03:35
General
-
Target
STUB.exe
-
Size
276KB
-
MD5
174e6546670f0af8e183d8c8511a41da
-
SHA1
05ef361696759d5441186f0b08d0ac3a89c2a80d
-
SHA256
dedbb7f79d01321a6f6f0274520dec5465d0a41d93f5839b5935084eb90b2462
-
SHA512
8b24cc4bd9a3a6dd679424c97cc01c22883a14db6fef0fe7d4874b42ab03d7a4b129026fc8019947f675c83ea1a8654e8bcabfa0e84a8a093976fbd1a33d02f6
-
SSDEEP
3072:rrDyh1bdjkWxF/1PVg88WRhgEr1yNhT2xE/3MW7o4+W95nBKq5Epr1R:uhhJDFgX3Er8PTAE/3JR5gqa
Score
10/10
Malware Config
Extracted
Family
darkvision
C2
195.88.218.126
Signatures
-
DarkVision Rat
DarkVision Rat is a trojan written in C++.
-
Darkvision family
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\STUB.exe"C:\Users\Admin\AppData\Local\Temp\STUB.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\we\we.exe"C:\ProgramData\we\we.exe" {B0419229-6C62-4A93-B3F0-7D8BEB56269B}2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
276KB
MD5174e6546670f0af8e183d8c8511a41da
SHA105ef361696759d5441186f0b08d0ac3a89c2a80d
SHA256dedbb7f79d01321a6f6f0274520dec5465d0a41d93f5839b5935084eb90b2462
SHA5128b24cc4bd9a3a6dd679424c97cc01c22883a14db6fef0fe7d4874b42ab03d7a4b129026fc8019947f675c83ea1a8654e8bcabfa0e84a8a093976fbd1a33d02f6