216.73.217.139

DarkGate switches up its tactics with new payload, email templates

· Published 06/06/2024 07:26 · Modified 06/06/2024 08:07

Export JSON

Essential information

Published
06/06/2024 07:26
Modified
06/06/2024 08:07
Tags
2024-06-06 autohotkey darkgate email campaigns in-memory execution malspam template injection
Related entities
12 observables, 1 intrusion sets (apt), 9 techniques (mitre), 1 malware, 3 others

Description

This analysis delves into a recent surge of malicious by the threat actor, employing novel tactics to distribute malware. These campaigns leverage a technique called 'Remote ' to bypass security controls and deceive recipients into executing malicious code embedded within seemingly innocuous Excel attachments. Notably, the actor has transitioned from utilizing AutoIT scripts to scripting, executing the final payload directly in memory, without writing it to disk. This continuous evolution in infection chains demonstrates the actor's adaptability and determination to evade detection.

External references