Today > vulnerabilities   -   You can now download lists of IOCs here!

DarkVision RAT

Oct. 11, 2024, 8:10 a.m.

Description

DarkVision RAT is a customizable remote access trojan that first appeared in 2020, offered on Hack Forums for $60. Written in C/C++ and assembly, it offers features like keylogging, screenshots, file manipulation, process injection, remote code execution, and password theft. The analysis reveals a multi-stage attack chain using PureCrypter as a loader. DarkVision RAT employs various evasion and privilege escalation techniques, including DLL hijacking and process injection. It communicates with its C2 server using a custom protocol and supports multiple plugins for additional capabilities. The RAT's affordability and extensive feature set make it accessible to low-skilled cybercriminals, posing a significant threat.

Date

Published: Oct. 10, 2024, 4:05 p.m.

Created: Oct. 10, 2024, 4:05 p.m.

Modified: Oct. 11, 2024, 8:10 a.m.

Attack Patterns

DarkVision RAT

PureCrypter

T1125

T1053.005

T1010

T1539

T1571

T1547.001

T1056.001

T1113

T1123

T1562.001

T1529

T1082

T1057

T1083

T1055

T1219

T1140