DarkVision RAT

Oct. 11, 2024, 8:10 a.m.

Description

DarkVision RAT is a customizable remote access trojan that first appeared in 2020, offered on Hack Forums for $60. Written in C/C++ and assembly, it offers features like keylogging, screenshots, file manipulation, process injection, remote code execution, and password theft. The analysis reveals a multi-stage attack chain using PureCrypter as a loader. DarkVision RAT employs various evasion and privilege escalation techniques, including DLL hijacking and process injection. It communicates with its C2 server using a custom protocol and supports multiple plugins for additional capabilities. The RAT's affordability and extensive feature set make it accessible to low-skilled cybercriminals, posing a significant threat.

External References

https://www.zscaler.com/blogs/security-research/technical-analysis-darkvision-rat
https://otx.alienvault.com/pulse/6707fb55cc1b64564533c615
Tags
purecrypter
c2 communication
multi-stage attack
2024-10-10
remote access trojan
darkvision rat

Date

  • Created: Oct. 10, 2024, 4:05 p.m.
  • Published: Oct. 10, 2024, 4:05 p.m.
  • Modified: Oct. 11, 2024, 8:10 a.m.

Attack Patterns

  • DarkVision RAT
  • PureCrypter