Overview

overview

10

Static

static

1

HDFC PAYMENT.bat

windows7-x64

1

HDFC PAYMENT.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    21510767459.zip

  • Size

    312KB

  • Sample

    250221-hhwr9axnx9

  • MD5

    e50c604ca6f2826d9b3bf3757a5ba9cf

  • SHA1

    ee5dc5e01c6a259c4696b0a49e688827fbf53ae1

  • SHA256

    2394ebe357987c3177feda5060b31c7c489755e9046409af83cfd8a66aa1f2e4

  • SHA512

    bd1d465cda2f4cd25bfebb9c14a6f7556d3c15ac5ca0bfb80b7ff0c5adf921844bf20883003c2a50acad511cc498dbbfa661a19cf576ebc54050464f82d2ffe2

  • SSDEEP

    6144:Q7dc4FaP8P8u744gVooCE1u+utCmv6paZizNfQyYN+6PED+Mb:wFaPS8u743VooXE+HYayizNfjyfPTMb

Score
10/10
darkvisionexecutionrat

Malware Config

Targets

    • Target

      HDFC PAYMENT.bat

    • Size

      413KB

    • MD5

      b40af4f36e64a53783d8c3dde233dc1a

    • SHA1

      71a43ec06c566ea2fdbf898104a4c3c02b87bb72

    • SHA256

      d6a5365c045330e093f36f11597e7a49924a52b3f19cbea45d37f1f1fcc2ffa7

    • SHA512

      aa59ea51074b40df9bc183eae7d40e065e0d0e370ccf530dc86f0d6da621e6d857b306c1fd4a9ade7787ebed26cb1f012564a235b8597e04a83a95a531f7cfb3

    • SSDEEP

      6144:+7xGCfsp8mrunqNHsO+AyLT+9lAx1nZJoEU/ghKWv9yEZIYe7uAtYJ5bNrJ8Wpwy:g0amrgUH6NvvZvUY8+9ytiAtqpOWpLf

    Score
    10/10
    darkvisionexecutionrat

    • DarkVision Rat

      DarkVision Rat is a trojan written in C++.

      ratdarkvision

    • Darkvision family

      darkvision

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks