darkvision | d6a5365c045330e093f36f11597e7a49924a52b3f19cbea45d37f1f1fcc2ffa7 | Triage

Sharing

General

Target

HDFCPAYMENT.bat
Size

413KB
Sample

250220-qj1rlawkdm
MD5

b40af4f36e64a53783d8c3dde233dc1a
SHA1

71a43ec06c566ea2fdbf898104a4c3c02b87bb72
SHA256

d6a5365c045330e093f36f11597e7a49924a52b3f19cbea45d37f1f1fcc2ffa7
SHA512

aa59ea51074b40df9bc183eae7d40e065e0d0e370ccf530dc86f0d6da621e6d857b306c1fd4a9ade7787ebed26cb1f012564a235b8597e04a83a95a531f7cfb3
SSDEEP

6144:+7xGCfsp8mrunqNHsO+AyLT+9lAx1nZJoEU/ghKWv9yEZIYe7uAtYJ5bNrJ8Wpwy:g0amrgUH6NvvZvUY8+9ytiAtqpOWpLf

Score

10^/10

darkvision execution rat

Malware Config

Targets

- Target
  
  HDFCPAYMENT.bat
- Size
  
  413KB
- MD5
  
  b40af4f36e64a53783d8c3dde233dc1a
- SHA1
  
  71a43ec06c566ea2fdbf898104a4c3c02b87bb72
- SHA256
  
  d6a5365c045330e093f36f11597e7a49924a52b3f19cbea45d37f1f1fcc2ffa7
- SHA512
  
  aa59ea51074b40df9bc183eae7d40e065e0d0e370ccf530dc86f0d6da621e6d857b306c1fd4a9ade7787ebed26cb1f012564a235b8597e04a83a95a531f7cfb3
- SSDEEP
  
  6144:+7xGCfsp8mrunqNHsO+AyLT+9lAx1nZJoEU/ghKWv9yEZIYe7uAtYJ5bNrJ8Wpwy:g0amrgUH6NvvZvUY8+9ytiAtqpOWpLf
Score

10^/10

darkvision execution rat
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Darkvision family
  darkvision
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkvisionexecutionrat