Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
New malware DarkWatchman uses Windows Registry to evade detection
#1
https://news.thewindowsclub.com/darkwatc...on-106589/        New malware DarkWatchman uses Windows Registry to evade detection

There is a new malware roaming the internet that is capable of using the Windows Registry to evade detection. From what we have gathered so far, this malware is JavaScript-based, and it’s also a Remote Access Trojan (RAT). Researchers from Prevailion’s Adversarial Counterintelligence Team (PACT) have decided to call this malware DarkWatchman. You see, it takes advantage of the domain generation algorithm (DGA) in order to identify its command-and-control infrastructure and uses the Windows Registry to store its operations. When this is done, DarkWatchman malware is then able to evade most antimalware engines.

malware      DarkWatchman malware uses Windows Registry to evade detection

OK, so the researchers claim it utilizes some interesting methods to perform fileless persistence on system activity along with dynamic run-time abilities.

Researchers Matt Stafford and Sherman Smith claim the malware “represents an evolution in Fileless malware techniques, as it uses the registry for nearly all temporary and permanent storage and therefore never writes anything to disk, allowing it to operate beneath or around the detection threshold of most security tools.”
Who were the targeted victims?

The folks at Prevailion stated the DarkWatchman RAT malware targeted a large organization in Russia. Several malware artifacts were identified, and all of this began back on November 12.2021. Now, since it has persistence and backdoor features, the team at PACT concluded that DarkWatchman could be a reconnaissance tool designed and used by ransomware groups looking to make millions of dollars.

    “The storage of the binary in the registry as encoded text means that DarkWatchman is persistent yet its executable is never (permanently) written to disk; it also means that DarkWatchman’s operators can update (or replace) the malware every time it’s executed,” according to the researchers.

At the moment, this RAT malware has yet to be linked to any known hacking group. However, the research team believes the crew behind it is a capable threat actor.

Date: December 20, 2021Tags: Malware
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Lazarus hackers use Windows Update to deploy malware Mohammad.Poorya 0 1,030 01-28-2022 , 05:33 AM
Last Post: Mohammad.Poorya
  Malware authors take advantage of the rush to try Windows 11 mrtrout 0 883 08-16-2021 , 09:11 PM
Last Post: mrtrout
  Password-Stealing Windows Malware has been Discovered mrtrout 0 931 07-24-2021 , 02:32 AM
Last Post: mrtrout
  Windows Defender is boosting its response to malware attacks dhruv2193 0 1,023 01-20-2021 , 06:29 AM
Last Post: dhruv2193
  Maze ransomware now encrypts via virtual machines to evade detection mrtrout 0 1,070 09-19-2020 , 08:30 AM
Last Post: mrtrout



Users browsing this thread: 1 Guest(s)