New Fileless Malware Uses Windows Registry as Storage to Evade Detection
16-Dec-21
To avoid detection and analysis, a new JavaScriptbased remote access Trojan (RAT) spread via a social engineering campaign has been spotted using stealthy “fileless” approaches as part of its detectionevasion strategies.
The virus, dubbed DarkWatchman by Prevailion’s Adversarial Counterintelligence Team (PACT), uses a robust domain generation algorithm (DGA) to identify its commandandcontrol (C2) infrastructure and stores all of its data in the Windows Registry, allowing it to avoid antimalware engines.
