Disarming DarkGate: A Deep Dive into Thwarting the Latest DarkGate Variant

July 15, 2024, 3:27 p.m.

Description

This report analyzes a recent phishing campaign distributing a new variant of the DarkGate Remote Access Trojan. The malware uses several obfuscation and anti-analysis techniques, including process hollowing, anti-VM checks, and encoding. It supports a wide range of malicious functions, including ransomware, credential theft, remote control, and system disruption, all directed by a command-and-control server. The analysis provides in-depth technical details on the malware's execution flow, anti-detection mechanisms, and command handling.

Date

Published: July 15, 2024, 3:14 p.m.
Created: July 15, 2024, 3:14 p.m.
Modified: July 15, 2024, 3:27 p.m.

Indicators


Attack Patterns

DarkGate

T1563.002

T1543.003

T1053.005

T1490

T1027.002

T1547.001

T1059.007

T1497

T1562.001

T1489

T1105

T1083

T1055

T1134

T1498

T1204

T1027

T1059