The Darkgate Menace: Leveraging Autohotkey & Attempt to Evade Smartscreen

· Published 30/04/2024 14:13 · Modified 01/05/2024 23:09

Essential information

Tags
CVE-2023-36025 CVE-2024-21412 autohotkey darkgate html microsoft defender smartscreen xls file
Related entities
15 observables, 1 intrusion sets (apt), 17 techniques (mitre), 1 malware

Description

This report details a novel infection chain associated with DarkGate malware, a Remote Access Trojan (RAT) that exploits the AutoHotkey utility and attempts to bypass Microsoft Defender SmartScreen. The infection begins with an HTML-based entry point or an XLS file, utilizing techniques such as disguising malicious content as legitimate files. The attack chain involves downloading and executing various components, including VBScript, PowerShell scripts, and AutoHotkey scripts, ultimately leading to the execution of the DarkGate payload. The report also highlights the vulnerability and its exploitation to evade SmartScreen warnings, as well as persistence mechanisms employed by the malware.

External references