Disarming DarkGate: A Deep Dive into Thwarting the Latest DarkGate Variant

July 15, 2024, 3:27 p.m.

Description

This report analyzes a recent phishing campaign distributing a new variant of the DarkGate Remote Access Trojan. The malware uses several obfuscation and anti-analysis techniques, including process hollowing, anti-VM checks, and encoding. It supports numerous malicious functions, such as ransomware, credential theft, remote control, and system disruption, all controlled by a command-and-control server. The analysis provides in-depth technical details on the malware's execution flow, anti-detection mechanisms, and command handling.

Date

  • Created: July 15, 2024, 3:14 p.m.
  • Published: July 15, 2024, 3:14 p.m.
  • Modified: July 15, 2024, 3:27 p.m.

Indicators

  • 83f1fab236357817270f995a6e3e32f90661dad6d625ad1e1f16b06c248da1d1
  • 6c8e82b582f55a03277427e757331e5aa53dcf6656785dcb44f2958ef5516863
  • 49a46f2ff414ad11b2b623a7dc811002bf78979b5db1fb6f03334fd1fa20f8a6
  • 0a3764e9972dcdd3819f4728038d094a28a1ccff43d7d9e413eab794c9ecbe05