Overview

overview

10

Static

static

10

846f502e17...52.exe

windows7-x64

10

846f502e17...52.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    846f502e17611e6624ac1eeaa1b4a4124fdaf912543073020eb6345520f4d152.exe

  • Size

    701KB

  • Sample

    250214-nk371avmes

  • MD5

    fcb30c64222ed295aef78c3e002b9298

  • SHA1

    353f6bd0715779a2e5e89f472c831d2db0918af8

  • SHA256

    846f502e17611e6624ac1eeaa1b4a4124fdaf912543073020eb6345520f4d152

  • SHA512

    aae308b1517e05c2f3d68973be987cf91e3f16c4a549fc3fb67e3f13cef6576f0fbb5b293b23e2703eb421e2366494bd054772383c386c75653a37c9a2242075

  • SSDEEP

    6144:KIfoEwPDpwFNDSoNEiC6kMYlOIa6VkctankhTl2DGl8HdZRw9wMUCHvkU0qDJ4gI:KIfbwPDpwTkiC2X8anaAZqVJ

Score
10/10
darkvisiondiscoverypersistencerat

Malware Config

Targets

    • Target

      846f502e17611e6624ac1eeaa1b4a4124fdaf912543073020eb6345520f4d152.exe

    • Size

      701KB

    • MD5

      fcb30c64222ed295aef78c3e002b9298

    • SHA1

      353f6bd0715779a2e5e89f472c831d2db0918af8

    • SHA256

      846f502e17611e6624ac1eeaa1b4a4124fdaf912543073020eb6345520f4d152

    • SHA512

      aae308b1517e05c2f3d68973be987cf91e3f16c4a549fc3fb67e3f13cef6576f0fbb5b293b23e2703eb421e2366494bd054772383c386c75653a37c9a2242075

    • SSDEEP

      6144:KIfoEwPDpwFNDSoNEiC6kMYlOIa6VkctankhTl2DGl8HdZRw9wMUCHvkU0qDJ4gI:KIfbwPDpwTkiC2X8anaAZqVJ

    Score
    10/10
    darkvisionratdiscoverypersistence

    • DarkVision Rat

      DarkVision Rat is a trojan written in C++.

      ratdarkvision

    • Darkvision family

      darkvision

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Deletes itself

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks