DarkVision RAT
Oct. 11, 2024, 8:10 a.m.
Description
DarkVision RAT is a customizable remote access trojan that first appeared in 2020, offered on Hack Forums for $60. Written in C/C++ and assembly, it offers features like keylogging, screenshots, file manipulation, process injection, remote code execution, and password theft. The analysis reveals a multi-stage attack chain using PureCrypter as a loader. DarkVision RAT employs various evasion and privilege escalation techniques, including DLL hijacking and process injection. It communicates with its C2 server using a custom protocol and supports multiple plugins for additional capabilities. The RAT's affordability and extensive feature set make it accessible to low-skilled cybercriminals, posing a significant threat.
Tags
Date
- Created: Oct. 10, 2024, 4:05 p.m.
- Published: Oct. 10, 2024, 4:05 p.m.
- Modified: Oct. 11, 2024, 8:10 a.m.
Attack Patterns
- DarkVision RAT
- PureCrypter
- T1125
- T1053.005
- T1010
- T1539
- T1571
- T1547.001
- T1056.001
- T1113
- T1123
- T1562.001
- T1529
- T1082
- T1057
- T1083
- T1055
- T1219
- T1140