The Abuse of ITarian RMM by Dolphin Loader
Essential information
- Published: 19/08/2024 13:24
- Modified: 19/08/2024 13:55
- Tags: 2024-08-19, autoit, darkgate, dolphin loader, evade, itarian, lummac2, malware-as-a-service, python, redline, rhadamanthys, rmm, sectoprat, stealthy
- Related entities: 24 observables, 1 intrusion set (APT), 11 techniques (MITRE), 6 malware
Description
This report explores how the Dolphin Loader, a malware-as-a-service loader, abuses the legitimate ITarian Remote Monitoring and Management (RMM) software to distribute various malware payloads. The loader leverages the built-in functionality of RMM tools, such as remote command execution and system monitoring, to operate stealthily and evade detection. The report provides an in-depth analysis of the Dolphin Loader's techniques, including the use of AutoIt scripts for payload execution and the abuse of the ITarian RMM software's 'Procedures' feature to run malicious Python scripts on registered devices.