← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service
WHITE AlienVault 2024-02-29 Modified: 2024-03-30
21
IOCs
MEDIUM VOLUME
This report analyzes a phishing PDF that led to the delivery of a signed MSI file containing layered stages designed to avoid detection and deliver the DarkGate malware for persistence and remote access. The analysis covers extracting and decrypting the stages to uncover the final payload.
extractionmsievasiondecryptionphishingdarkgatepdf
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
DarkGate
Indicators of Compromise (2 / 21 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 c56b5f0201a3b3de53e561fe76912bfd 2024-02-29
FileHash-MD5 d82b3fb861129c5d71f0cd2874f97216 2024-02-29
References (1)
↗ https://isc.sans.edu/diary/Guest+Diary+Dissecting+DarkGate+Modular+Malware+Delivery+and+Persistence+as+a+Service/30700