DarkVision RAT

SUMMARY :

DarkVision RAT is a customizable remote access trojan that first appeared in 2020, offered on Hack Forums for $60. Written in C/C++ and assembly, it offers features like keylogging, screenshots, file manipulation, process injection, remote code execution, and password theft. The analysis reveals a multi-stage attack chain using PureCrypter as a loader. DarkVision RAT employs various evasion and privilege escalation techniques, including DLL hijacking and process injection. It communicates with its C2 server using a custom protocol and supports multiple plugins for additional capabilities. The RAT's affordability and extensive feature set make it accessible to low-skilled cybercriminals, posing a significant threat.

OPENCTI LABELS :

remote access trojan,purecrypter,c2 communication,multi-stage attack,darkvision rat


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


DarkVision RAT