DarkGate: Dancing the Samba With Alluring Excel Files
Essential information
- Published: 11/07/2024 11:56
- Modified: 11/07/2024 12:08
- Tags: 2024-07-11, anti-analysis, autohotkey, darkgate, excel, sideloading
- Related entities: 1 vulnerabilities (cve), 37 observables, 1 intrusion sets (apt), 18 techniques (mitre), 1 malware
Description
This analysis delves into a DarkGate malware campaign from March-April 2024 that exploits Microsoft Excel files to retrieve malicious payloads hosted on public-facing SMB file shares. It sheds light on the evolving tactics of this threat, which creatively abuses legitimate tools and services for distribution. The campaign targets various regions: primarily North America at first, then spreading to Europe and parts of Asia. The report provides insights into DarkGate's background, infection chain, anti-analysis techniques, command and control infrastructure, and the indicators of compromise associated with this campaign.