DarkGate Gained Popularity For Its Covert Nature And Antivirus Evasion

From gbhackers.com

DarkGate, a sophisticated Malware-as-a-Service (MaaS) offered by the enigmatic RastaFarEye persona, has surged in prominence.

The malware is known for abusing Microsoft Teams and MSI files to compromise target systems. 

This Sekoia report delves into its ominous capabilities, examining its deployment by threat actors like TA577 and Ducktail.

DarkGate employs ingenious data obfuscation techniques, including base64 encoding with a dual-alphabet approach. 

Unraveling its inner workings reveals a TStringList configuration stored in the PE file, which analysts must decode before they can interpret it.
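For analysts facing the custom-alphabet base64 and the TStringList configuration described above, the following added example (not code from the Sekoia report or from DarkGate) decodes a blob against candidate alphabets and keeps the first result that parses as `Name=Value` lines. The two alphabets, the sample values and all function names are constructed for the demo, and the assumption is that the analyst does not know which alphabet encoded the blob.

```python
import base64

STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
# Constructed candidate alphabets for the demo, NOT DarkGate's real ones.
CANDIDATES = {
    "A": STD[::-1],                          # standard alphabet reversed
    "B": STD[26:52] + STD[:26] + STD[52:],   # upper/lower halves swapped
}

def decode_custom_b64(text, alphabet):
    """Decode base64 text written with a non-standard 64-character alphabet."""
    if len(alphabet) != 64 or len(set(alphabet)) != 64:
        raise ValueError("alphabet must be 64 distinct characters")
    body = text.strip().rstrip("=")
    if any(ch not in alphabet for ch in body):
        raise ValueError("character outside candidate alphabet")
    std = body.translate(str.maketrans(alphabet, STD))
    std += "=" * (-len(std) % 4)             # restore stripped padding
    return base64.b64decode(std, validate=True)

def encode_custom_b64(data, alphabet):
    """Helper used only to build the constructed sample below."""
    std = base64.b64encode(data).decode("ascii").rstrip("=")
    return std.translate(str.maketrans(STD, alphabet))

def parse_stringlist(raw):
    """Parse TStringList-style text: CRLF-separated Name=Value lines."""
    pairs = {}
    for line in raw.decode("ascii").splitlines():   # non-ASCII => wrong alphabet
        name, sep, value = line.partition("=")
        if not sep or not name.isprintable() or not value.isprintable():
            raise ValueError("not a Name=Value line")
        pairs[name] = value
    return pairs

def recover_config(blob, candidates=CANDIDATES):
    """Try each alphabet; return (label, config) for the first clean parse."""
    for label, alphabet in candidates.items():
        try:
            return label, parse_stringlist(decode_custom_b64(blob, alphabet))
        except ValueError:   # covers binascii.Error and UnicodeDecodeError
            continue
    return None, {}

# Constructed sample configuration (placeholder values only).
SAMPLE_PLAIN = b"0=example.invalid\r\n1=Yes\r\n2=8080\r\n"
SAMPLE_BLOB = encode_custom_b64(SAMPLE_PLAIN, CANDIDATES["B"])

if __name__ == "__main__":
    print(recover_config(SAMPLE_BLOB))
```

Decoding with the wrong alphabet still produces bytes, so the parse step is what rejects it: the output must be ASCII and every line must carry an `=`.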

