darkvision | aa873f1aeb2d13a9600b8132f7b115e31355e7aebe4175c7f4fcf13435a1a609 | Triage

Sharing

General

Target

x.exe.bin.exe
Size

664KB
Sample

250224-mthrzsxrs3
MD5

fe54dae7b2ca10a4d73e3db7889a401c
SHA1

c9766441ff9ebefb0ca17a55dcff87b2fb521200
SHA256

aa873f1aeb2d13a9600b8132f7b115e31355e7aebe4175c7f4fcf13435a1a609
SHA512

699574389bb13019d679ae059fa46e39c3a8527669540ef28adb45395cca5c3211cf1db4e69eb2158e65153cbf39a028c2f3061f83af4da4ce78f38a5f58d29c
SSDEEP

12288:bTe2C/vVtH6X9kfCLOmz1x7M6iM8ngIg579+S303KvFJ:StH6NkfCP1x7TPkgIgZ8S3038

Score

10^/10

darkvision execution rat

Malware Config

Extracted

Family

darkvision

C2

acuweld.ddns.net

Targets

- Target
  
  x.exe.bin.exe
- Size
  
  664KB
- MD5
  
  fe54dae7b2ca10a4d73e3db7889a401c
- SHA1
  
  c9766441ff9ebefb0ca17a55dcff87b2fb521200
- SHA256
  
  aa873f1aeb2d13a9600b8132f7b115e31355e7aebe4175c7f4fcf13435a1a609
- SHA512
  
  699574389bb13019d679ae059fa46e39c3a8527669540ef28adb45395cca5c3211cf1db4e69eb2158e65153cbf39a028c2f3061f83af4da4ce78f38a5f58d29c
- SSDEEP
  
  12288:bTe2C/vVtH6X9kfCLOmz1x7M6iM8ngIg579+S303KvFJ:StH6NkfCP1x7TPkgIgZ8S3038
Score

10^/10

darkvision execution rat
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Darkvision family
  darkvision
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkvisionexecutionrat