2021-12-21

DarkWatchman - Fileless Malware

Level: Tactical | Source: Prevailion

Research from Prevailion's Adversarial Counterintelligence Team (PACT) describes a JavaScript-based RAT dubbed "DarkWatchman" that uses a domain generation algorithm (DGA) to locate its command and control (C2) infrastructure and achieves fileless persistence by residing in the Windows registry. The malware is distributed by email as a zip archive and uses the registry for essentially all temporary and permanent storage, so it avoids writing payloads to disk. The RAT is paired with a C# keylogger and makes use of LOLBins; if the user has administrative privileges it also deletes volume shadow copies.
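The behaviours summarised above (a script host writing large encoded values to the registry, LOLBins spawned from that script host, and shadow-copy deletion) are where a detection engineer would start. The Python below is an added example written for this page, not code from the Prevailion report or from Anvilogic; it runs three behavioural rules over constructed Sysmon-style events. The field names, sample paths, registry key and the 1024-byte blob threshold are all assumptions for illustration.

```python
"""Behavioural rules for the DarkWatchman-style tradecraft described above.

Constructed example: events are simplified Sysmon-like dicts, not real telemetry.
"""
import re

# Script hosts a JavaScript RAT runs under, and the LOLBins the writeup alludes to.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
LOLBINS = {"schtasks.exe", "wmic.exe", "vssadmin.exe", "reg.exe", "powershell.exe"}

# Common shadow-copy deletion command lines (vssadmin, WMIC, WMI via PowerShell).
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy.*\bdelete\b", re.I),
]
BASE64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
BLOB_THRESHOLD = 1024  # assumed size cut-off for "payload-like" registry values


def basename(path):
    """Lower-cased file name from a Windows path ('C:\\x\\WMIC.exe' -> 'wmic.exe')."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def looks_like_encoded_blob(value):
    """True for a long Base64-looking string, as a stored script or keylogger would be."""
    return len(value) >= BLOB_THRESHOLD and BASE64_RE.match(value) is not None


def evaluate(event):
    """Return the list of rule names a single event triggers (empty if benign)."""
    hits = []
    image = basename(event.get("image", ""))
    parent = basename(event.get("parent", ""))
    if event.get("event") == "process_create":
        cmdline = event.get("cmdline", "")
        if any(p.search(cmdline) for p in SHADOW_DELETE_PATTERNS):
            hits.append("shadow_copy_deletion")
        if parent in SCRIPT_HOSTS and image in LOLBINS:
            hits.append("script_host_spawns_lolbin")
    elif event.get("event") == "registry_set":
        if image in SCRIPT_HOSTS and looks_like_encoded_blob(event.get("value", "")):
            hits.append("script_host_writes_encoded_registry_blob")
    return hits


def detect(events):
    """Run every rule over a list of events; return one finding per (event, rule)."""
    findings = []
    for index, event in enumerate(events):
        for rule in evaluate(event):
            findings.append({"index": index, "rule": rule, "image": event.get("image", "")})
    return findings


# Constructed sample telemetry. Key names and paths are illustrative assumptions.
WSCRIPT = r"C:\Windows\System32\wscript.exe"
SAMPLE_EVENTS = [
    {"event": "process_create", "parent": WSCRIPT,
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"event": "process_create", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete"},
    {"event": "process_create", "parent": WSCRIPT,
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": 'schtasks /create /tn "Updater" /sc onlogon /tr "wscript.exe //B //E:jscript %APPDATA%\\u.js"'},
    {"event": "registry_set", "image": WSCRIPT,
     "key": r"HKCU\Software\Example\State",        # assumed key, not from the report
     "value": "QUJDREVGR0hJSktM" * 100},            # 1600 chars of Base64-looking data
    {"event": "process_create", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe readme.txt"},           # benign
    {"event": "registry_set", "image": r"C:\Windows\explorer.exe",
     "key": r"HKCU\Software\Example\Flag", "value": "1"},  # benign: short value
    {"event": "registry_set", "image": WSCRIPT,
     "key": r"HKCU\Software\Example\Mode", "value": "enabled"},  # benign: short value
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(f"event {finding['index']}: {finding['rule']} ({finding['image']})")
```

Running the block prints five findings: events 0 and 1 trip the shadow-copy rule, events 0 and 2 trip the script-host-spawns-LOLBin rule, and event 3 trips the encoded-registry-blob rule, while the three benign events stay silent. The DGA is deliberately not modelled here because the page gives no details of the algorithm; for that, rely on DNS telemetry (NXDOMAIN bursts, high-entropy labels) rather than a list of domains. Tune BLOB_THRESHOLD and the script-host set to your own estate before treating these as alerts.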
