Today > 1 Critical | 6 High | 24 Medium vulnerabilities   -   You can now download lists of IOCs here!

Disarming DarkGate: A Deep Dive into Thwarting the Latest DarkGate Variant

July 15, 2024, 3:27 p.m.

Description

This report analyzes a recent phishing campaign distributing a new DarkGate Remote Access Trojan variant. The malware leverages various obfuscation and anti-analysis techniques, including process hollowing, anti-VM checks, and encoding. It supports numerous malicious functionalities like ransomware, credential theft, remote control, and system disruption, controlled by a command-and-control server. The analysis provides in-depth technical details on the malware's execution flow, anti-detection mechanisms, and command handling.

Date

Published: July 15, 2024, 3:14 p.m.

Created: July 15, 2024, 3:14 p.m.

Modified: July 15, 2024, 3:27 p.m.

Indicators

83f1fab236357817270f995a6e3e32f90661dad6d625ad1e1f16b06c248da1d1

6c8e82b582f55a03277427e757331e5aa53dcf6656785dcb44f2958ef5516863

49a46f2ff414ad11b2b623a7dc811002bf78979b5db1fb6f03334fd1fa20f8a6

0a3764e9972dcdd3819f4728038d094a28a1ccff43d7d9e413eab794c9ecbe05

Attack Patterns

DarkGate

T1563.002

T1543.003

T1053.005

T1490

T1027.002

T1547.001

T1059.007

T1497

T1562.001

T1489

T1105

T1083

T1055

T1134

T1498

T1204

T1027

T1059