Threat actor abuses Gophish to deliver new PowerRAT and DCRAT

    Wednesday, October 23, 2024 In: Threat Research Print

    Date: 10/23/2024

    Severity: Medium

    Summary

    A threat actor has been observed leveraging Gophish, a popular phishing framework, to distribute new variants of malware known as PowerRAT and DCRAT. These tools are designed for remote access and control of compromised systems, allowing attackers to steal sensitive information and execute commands. The use of Gophish indicates a targeted phishing approach, aiming to deceive users into downloading the malicious payloads. Organizations are advised to enhance their security measures and user awareness to mitigate the risks associated with such attacks.

    Indicators of Compromise (IOC) List

    Hash

    48046fb0e566f5a2d184f84b76d6cadc458762556daed0ae4a3a1200afbefb54

8edbb1944d94ff91ee917c31590b6d1d5690a52fc153e44355ee9749aa0f4625

012657c4548d9c98223caa4cc7aa52fc083d6983d42fde16ca3271412e7fe3fe

dc4840a0992b218cbedd5a7ac5c711cb98f1f9e78a8ffdea37c694061dfd34c6

8bc455e5de35290f8a94376357947bd72aaf6f4d452c25a8ef444e037ef76b9f

270c3354b3ee2940b499e365eaba143fba9d458f434dc38e663dc0f08e96121e

5d5d639fdfbf632bb7d9f1bb28731217d09d36078ab5e594baf2a5a41267a5d2

759b96f44806578cc0836a3a2bf11c8bc553effac72f8d28b94aec78b66be906

2eddfe711c32ef1668e14a10d00452c83c29e394e17c41f491550a1583c1bcac

33a8024395c56fab4564b9baef1645e505e00b0b36bff6fad3aedb666022599a

6ae3a58a78be9c606009c657de4e390538b21ad951e62b6f4d31138e1a75732c

1f2df15442593b159e45d16a27e4d43d3a9062da212a588ba4c048f214a0b7be

9f066975f1e02b29c7c635280f405c59704ce4f4e06b04e9ac8a7eac22acd3c7

c0c726a23111c220d022fcd01a85f9788249e42baece03f83b6059170453b801

364f1b7466d8e4c9f55294ecf1f874c763bcf980c59b0250c613ac366def6aca

1e9246e6a35731143368eaa0ade4f3cf576d6b22e6090152f6e94f1fa3070651

b8c994e3ed7dcc9080916119ddc315533c129479f508676d7544b82b2e24745f

63eb3d2886d9cb880c9b0d54b94f3e149b3b5b6215a33a0ef63588a09dcd4499

d00f7cf6af68ba832b9d364f28411346cfe66fd3b1f5bcac318766add29ff7f0

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    sha256hash IN ("48046fb0e566f5a2d184f84b76d6cadc458762556daed0ae4a3a1200afbefb54","8edbb1944d94ff91ee917c31590b6d1d5690a52fc153e44355ee9749aa0f4625","012657c4548d9c98223caa4cc7aa52fc083d6983d42fde16ca3271412e7fe3fe","dc4840a0992b218cbedd5a7ac5c711cb98f1f9e78a8ffdea37c694061dfd34c6","8bc455e5de35290f8a94376357947bd72aaf6f4d452c25a8ef444e037ef76b9f","270c3354b3ee2940b499e365eaba143fba9d458f434dc38e663dc0f08e96121e","5d5d639fdfbf632bb7d9f1bb28731217d09d36078ab5e594baf2a5a41267a5d2","759b96f44806578cc0836a3a2bf11c8bc553effac72f8d28b94aec78b66be906","2eddfe711c32ef1668e14a10d00452c83c29e394e17c41f491550a1583c1bcac","33a8024395c56fab4564b9baef1645e505e00b0b36bff6fad3aedb666022599a","6ae3a58a78be9c606009c657de4e390538b21ad951e62b6f4d31138e1a75732c","1f2df15442593b159e45d16a27e4d43d3a9062da212a588ba4c048f214a0b7be","9f066975f1e02b29c7c635280f405c59704ce4f4e06b04e9ac8a7eac22acd3c7","c0c726a23111c220d022fcd01a85f9788249e42baece03f83b6059170453b801","364f1b7466d8e4c9f55294ecf1f874c763bcf980c59b0250c613ac366def6aca","1e9246e6a35731143368eaa0ade4f3cf576d6b22e6090152f6e94f1fa3070651","b8c994e3ed7dcc9080916119ddc315533c129479f508676d7544b82b2e24745f","63eb3d2886d9cb880c9b0d54b94f3e149b3b5b6215a33a0ef63588a09dcd4499","d00f7cf6af68ba832b9d364f28411346cfe66fd3b1f5bcac318766add29ff7f0")

    Reference: 

    https://blog.talosintelligence.com/gophish-powerrat-dcrat/


    Tags

    MalwarePhishingRATGophish

    « Previous ArticleNext Article »

    Comments

    No records to display

    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2024 by Gurucul - All rights reserved.