Extracted

• • Target

    1744309503099df524838d0a8c8fd13aa809ae7b016dd9df0ad7f6011645abe6c65ff728d4477.dat-decoded.exe

  • Size

    225KB

  • MD5

    b064c5c39eff3fb294144ed8a93966ea

  • SHA1

    8a2686a5e8b1876c17e41bb3ee15477473fd567e

  • SHA256

    dc467b57f0ac29a0ee0e1ed3c0e551c614f3c5e8b6a7c60c2e1c7e93a83f8d0d

  • SHA512

    7c8b59d8e9b9cae517f7b342eec504f8276fe0515fc9148df9f48d4f353cdb9b895196c8734c0e212c27bc9f4d11b3bd9202d4ebf50d472dffdb9082fa3e1a2e

  • SSDEEP

    3072:Ms1WvJ6f79wMK4+2GimcVRe+DvDDrhojDRmcldCKcW4OVWhMO:McWvS2MKdilBTDqj0kCk4Oy

  Score

  10^/10

  darkvisionexecutionrat

  • DarkVision Rat

    DarkVision Rat is a trojan written in C++.

    ratdarkvision

  • Darkvision family

    darkvision

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops startup file

  • Suspicious use of SetThreadContext

  behavioral1