Overview

overview

10

Static

static

10

30dc2d8761...ff.exe

windows7-x64

10

30dc2d8761...ff.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    30dc2d8761e9bbd836e9ecbff8ce5a11e7bba4b76d4e6d74db3b69b4716b67ff.exe

  • Size

    1.0MB

  • Sample

    250216-cq4vyaxmez

  • MD5

    148763f489be6f80e66dde9bf907aa4e

  • SHA1

    ef45b99fb1b05ca3718e258e2814172a0ec2955c

  • SHA256

    30dc2d8761e9bbd836e9ecbff8ce5a11e7bba4b76d4e6d74db3b69b4716b67ff

  • SHA512

    c4809295af24e18978b0a1fe177cacc4c37676bfc9449c40c376aa740a6b9be963831706f1f3e529e87a1403976a296dffab0c70514b66bfcd756333820e01bb

  • SSDEEP

    12288:pIfbwPDpwTkiC2X8anaAZqlJCj6D2fJZSj+2O+AJzRhM:pIfbbbXnbZiK2O+AJzRhM

Score
10/10
darkvisiondiscoverypersistencerat

Malware Config

Targets

    • Target

      30dc2d8761e9bbd836e9ecbff8ce5a11e7bba4b76d4e6d74db3b69b4716b67ff.exe

    • Size

      1.0MB

    • MD5

      148763f489be6f80e66dde9bf907aa4e

    • SHA1

      ef45b99fb1b05ca3718e258e2814172a0ec2955c

    • SHA256

      30dc2d8761e9bbd836e9ecbff8ce5a11e7bba4b76d4e6d74db3b69b4716b67ff

    • SHA512

      c4809295af24e18978b0a1fe177cacc4c37676bfc9449c40c376aa740a6b9be963831706f1f3e529e87a1403976a296dffab0c70514b66bfcd756333820e01bb

    • SSDEEP

      12288:pIfbwPDpwTkiC2X8anaAZqlJCj6D2fJZSj+2O+AJzRhM:pIfbbbXnbZiK2O+AJzRhM

    Score
    10/10
    darkvisionratdiscoverypersistence

    • DarkVision Rat

      DarkVision Rat is a trojan written in C++.

      ratdarkvision

    • Darkvision family

      darkvision

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Deletes itself

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks