Extracted

• • Target

    9b2d36be5948b2c1a7827119a94365c0beb7a07bfccdda9f0b504a4b7cf9c9e7.exe

  • Size

    4.0MB

  • MD5

    23c0d50441149bf11a21e63a50828ef5

  • SHA1

    77c2ea87d63f5d49a6ea6e793ebf4b17f31cb5b3

  • SHA256

    9b2d36be5948b2c1a7827119a94365c0beb7a07bfccdda9f0b504a4b7cf9c9e7

  • SHA512

    d88b0c48fa92da2bd2899c36624148bd40f2e0221bff33d982091545e1e0a6b01ea34933adc3f9e1b1e1c507de70f38fd83a015072a14390d38bd05e556bf5ae

  • SSDEEP

    49152:9krvZq79gUpgKl/kdZMW/sIhN6hZATobIxcjVQO3uuA:dv9hW/9N6hCobGcj5e

  Score

  10^/10

  darkvisionexecutionrat

  • DarkVision Rat

    DarkVision Rat is a trojan written in C++.

    ratdarkvision

  • Darkvision family

    darkvision

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Drops startup file

  • Executes dropped EXE

  behavioral1