General
-
Target
adig.exe
-
Size
780KB
-
Sample
250406-lkxn4swsaz
-
MD5
7ad31c28848f1ff2193f807cb3deaaf9
-
SHA1
ed58fcebec0ecb5921a3a8f8e1a1647cddfefcfb
-
SHA256
013425ffb967f37556591d596ac033ae3a7ad466c512c32685e0cd960fbe670f
-
SHA512
7fd16fd547c86f34f1591bdd2cefc4fb42d6893611e43050519f09e6661a3c02404d308aa4d886e3a2b44859e96700ca1603dd636a631ebcd0dcea3fe733a5a0
-
SSDEEP
24576:VHHiWcxah9JB/OrWaQ47IbQuLVUpuWsZo:VHHiXahLBWrW58uLVU/sG
Malware Config
Targets
-
-
Target
adig.exe
-
Size
780KB
-
MD5
7ad31c28848f1ff2193f807cb3deaaf9
-
SHA1
ed58fcebec0ecb5921a3a8f8e1a1647cddfefcfb
-
SHA256
013425ffb967f37556591d596ac033ae3a7ad466c512c32685e0cd960fbe670f
-
SHA512
7fd16fd547c86f34f1591bdd2cefc4fb42d6893611e43050519f09e6661a3c02404d308aa4d886e3a2b44859e96700ca1603dd636a631ebcd0dcea3fe733a5a0
-
SSDEEP
24576:VHHiWcxah9JB/OrWaQ47IbQuLVUpuWsZo:VHHiXahLBWrW58uLVU/sG
Score10/10-
DarkVision Rat
DarkVision Rat is a trojan written in C++.
-
Darkvision family
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-