Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service [Thursday, February 29, 2024]

Description :
This report analyzes a phishing PDF that led to the delivery of a signed MSI file containing layered stages designed to avoid detection and deliver the DarkGate malware for persistence and remote access. The analysis covers extracting and decrypting the stages to uncover the final payload.

Published : 2024-02-29 18:39:16
Created : 2024-02-29 18:39:16
Modified : 2024-02-29 18:58:54

Indicators

Malwares :
  • DarkGate
Hashes :
About the author
Julien B.
