darkvision | e32d30e690548e5727082538d480cc378644db1c98cce3a063f69569d7fd60b2

Sharing

Copy URL

Twitter E-mail

General

Target

PO202502DAKE.zip
Size

1.9MB
Sample

250311-ne6e6s1ls5
MD5

427568b60bc14283e2bae0c4aff1775d
SHA1

1c7f0a258ab9e8883df9eed025ef14db6fb913d5
SHA256

e32d30e690548e5727082538d480cc378644db1c98cce3a063f69569d7fd60b2
SHA512

51b76747aee8438147451d85470be13bc6b6e10803565d2b5a0b77e826cda6c87505db33185252c058c77ac7c2e2fd4daf4fae01b295fe6cf447040088594426
SSDEEP

49152:uMPSgPehUESs02u+akHEPt0Jc3zc6SXgxCVeCyY:ucWBSSc3ATXgxCV8Y

Score

10^/10

Malware Config

Extracted

Family

darkvision

myasyncrat.ddns.net

Targets

- Target
  
  PO202502DAKE.exe
- Size
  
  62KB
- MD5
  
  fd3c8166e7fbbb64d12c1170b8f4bacf
- SHA1
  
  dc8d7acb3f6dfd990f20ec02675c5d92fd674428
- SHA256
  
  a52e245dd7937094711b10c479274a2cccea2dfb89f7d4c9f22879214718f92b
- SHA512
  
  7caf92d9d44e0e6026cd9115c8c6f3026e5074adfe27af353ad9a6a780bdbd5d07cc0a93c16cc8ca4cc08fe11cf116cd0a6e14ad4af80d550cf71085a853fad5
- SSDEEP
  
  1536:zvQkcJHZ964TLjmc6Jr8Pqkv2fUjLWAMC7XPxs:zvVWDTvmc6Jr8Pqi2HAMCL6
Score

10^/10

darkvision execution rat persistence
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Darkvision family
  darkvision
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  libcares-2.dll
- Size
  
  1.9MB
- MD5
  
  49abecb8967a527f3f8b5493f0f82820
- SHA1
  
  31b535360199e41ae87111b36f9ef97977b3d9c6
- SHA256
  
  17f1ca60b529a4617fdd64bdf686b78f704abbe6d19b69c109bffd352ac9503c
- SHA512
  
  614593697a2acd897331595cc56164601528c03be6966aa599e2f541276ea71fdcc547195534119904da921b5fa9f8c5e14777c126aa6827be57b2b406d19be4
- SSDEEP
  
  49152:A7rb1O0bSOWgRKuMCnuuUr11O75hIE1q9n/Xl:dN1
Score

10^/10

darkvision execution rat
- DarkVision Rat
  DarkVision Rat is a trojan written in C++.
  rat darkvision
- Darkvision family
  darkvision
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  msvcp290.dll
- Size
  
  1.8MB
- MD5
  
  e0d6e35a1b29a6dded46532ea4331ef9
- SHA1
  
  be78ee87b098d864eb55a462e09dcf6a137facdd
- SHA256
  
  c3199ea2ea2f310180cf52f835b7534d12df3ab1a7b695259b35e3bf411cfb56
- SHA512
  
  124dcaabb16eb4d521bc3eeb08dbbd45c9eb750e11f67a0654903a0b62e19875832706b4ebb619c2cca3b68d88e47edd4c63079b0b788ea723bf10b3a5ec0298
- SSDEEP
  
  24576:dxDY9JiTNYo5StQlbSCLy3tbRoUNr8o37SzTNRbrdnFbA6mI9e1kyHSxR+jl45lY:dxDY9JifIwo3yTNVddAu9e1kLyl45l
Score

1^/10
behavioral5 behavioral6
- Target
  
  nasrallah_x86.dll
- Size
  
  453KB
- MD5
  
  b5f2411d0ab5cfbec4de2b5292ce34d2
- SHA1
  
  14c455a55bc0a32572ff24362fa176c61abd8be7
- SHA256
  
  7f49b5cb029653dee44791f5309830e94c03a3e4da53bffa03192e48ab5bcbc9
- SHA512
  
  92201c5663f3b77aa97d512cc7810b6dab2243457bc7d0bf648589eacddfb8790aaba45e3826cd57edcfba5fca5212028ef8ef512f903b929a7fe29481541b9a
- SSDEEP
  
  6144:QMdVKz+LuaBM4/1qrbbYTsHYU6Aez8HVWIwo:xLXqrH+R+T
Score

1^/10
behavioral7 behavioral8
- Target
  
  vcruntime210.dll
- Size
  
  1KB
- MD5
  
  0e73abcdf363b934cb65da5ecc71233c
- SHA1
  
  1e3c77c3f091bdf7ce1e9edacd5dd733bcb3948a
- SHA256
  
  45edcd7e15993dc3bde1cbbb3f2926cc6fabc45390eebd17c730e60ab13707b5
- SHA512
  
  1d09d77b46c510c2641548aefb799326c68a15a80436ca1fba8638fa8c0ac50469b01303eadbd5406dae63c5c2f39c52a99e6238b1edfbb2c9ac1f77962cd29e
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

DarkVision Rat

Darkvision family

Command and Scripting Interpreter: PowerShell

Adds Run key to start application

Suspicious use of SetThreadContext

DarkVision Rat

Darkvision family

Command and Scripting Interpreter: PowerShell

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10