PULSE NAME
Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service
WHITE AlienVault 2024-02-29 Modified: 2024-03-30
21 IOCs
MEDIUM VOLUME
This report analyzes a phishing PDF that led to the delivery of a signed MSI file containing layered stages designed to avoid detection and deliver the DarkGate malware for persistence and remote access. The analysis covers extracting and decrypting the stages to uncover the final payload.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
DarkGate
Indicators of Compromise (2 / 21 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-SHA1 2a4062e10a5de813f5688221dbeb3f3ff33eb417 2024-02-29
FileHash-SHA1 f3fe341d79224126e950d2691d574d147102b18d 2024-02-29