MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8fc5780d9cc4a19331190c876fbee0bc456a9f4b4b7610c6054474f18d2744f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



DarkVisionRAT


Vendor detections: 13



SHA256 hash: e8fc5780d9cc4a19331190c876fbee0bc456a9f4b4b7610c6054474f18d2744f
SHA3-384 hash: 4f97d7bd9d67a1d66574c0bab56097b4beca7a70db1257b40c9b0e49d047a602dead6a9ab4a0e7ce2663e90fa4515a7c
SHA1 hash: f5242df0cd89d1e7e93809b3f57119f1f02fddcf
MD5 hash: 260068f3eb51470c3dd396b239441123
humanhash: maryland-batman-october-sodium
File name: SecuriteInfo.com.Win64.Evo-gen.28829498
Signature DarkVisionRAT
File size: 1'958'912 bytes
First seen: 2025-11-20 04:52:37 UTC
Last seen: 2025-11-20 06:28:17 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 679877ea45ff38e48e48875d525bcbb1 (15 x DarkVisionRAT)
ssdeep 49152:wudsKK64Eec20eCdWbivNY/Ml2chdQJs+krdUVeWqDGpRwIN:wuKu4EexCAGe0RnQGLrCV2nIN
TLSH T1429523415183617FC9B1C27BD19B77B8E8A03FBB8D914C4AE2493E146C379D29E2B60D
TrID 38.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.6% (.ICL) Windows Icons Library (generic) (2059/9)
15.4% (.EXE) OS/2 Executable (generic) (2029/13)
15.2% (.EXE) Generic Win/DOS Executable (2002/3)
15.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter SecuriteInfoCom
Tags: DarkVisionRAT exe

Intelligence


File Origin
# of uploads :
3
# of downloads :
116
Origin country :
FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
BVLP267.exe
Verdict:
Malicious activity
Analysis date:
2025-11-20 04:12:33 UTC
Tags:
darkvision remote rat

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
99.1%
Tags:
spawn virus hype
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
Connection attempt
Sending a custom TCP request
Launching the default Windows debugger (dwwin.exe)
Creating synchronization primitives
Searching for synchronization primitives
DNS request
Creating a file in the Windows subdirectories
Creating a service
Loading a system driver
Forced shutdown of a system process
Connection attempt to an infection source
Enabling autorun for a service
Unauthorized injection to a system process
Sending an HTTP GET request to an infection source
Adding an exclusion to Microsoft Defender
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
obfuscated packed packed unsafe vmprotect
Result
Gathering data
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-11-20T01:23:00Z UTC
Last seen:
2025-11-20T01:37:00Z UTC
Hits:
~100
Detections:
Trojan.Win32.Strab.zos Trojan.Inject.TCP.ServerRequest Trojan.Agent.TCP.ServerRequest PDM:Trojan.Win32.Generic Trojan.Win32.Strab.sb Trojan.Win32.Agent.sb Trojan.MSIL.BypassUAC.sb
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Result
Malware family:
darkvision
Score:
10/10
Tags:
family:darkvision execution persistence rat
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious behavior: MapViewOfSection
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: PowerShell
Sets service image path in registry
DarkVision Rat
Darkvision family
Suspicious use of NtCreateUserProcessOtherParentProcess
Malware Config
C2 Extraction:
23.95.245.178
Verdict:
Malicious
Tags:
DarkVision_RAT
YARA:
n/a
Unpacked files
SHA256 hash:
e8fc5780d9cc4a19331190c876fbee0bc456a9f4b4b7610c6054474f18d2744f
MD5 hash:
260068f3eb51470c3dd396b239441123
SHA1 hash:
f5242df0cd89d1e7e93809b3f57119f1f02fddcf
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download  DarkVisionRAT  Executable exe  e8fc5780d9cc4a19331190c876fbee0bc456a9f4b4b7610c6054474f18d2744f  (this sample)

Delivery method
Distributed via web download

Comments