
Researchers Detail Evasive DarkTortilla Crypter Used to Deliver Malware
2022-08-19 04:55

A .NET-based evasive crypter named DarkTortilla has been used by threat actors to distribute a broad array of commodity malware as well as targeted payloads like Cobalt Strike and Metasploit, likely since 2015.

"DarkTortilla has versatility that similar malware does not," the researchers noted.

DarkTortilla is delivered via malicious spam emails that contain archives with an executable for an initial loader, which decodes and launches a core processor module that is either embedded within the loader itself or fetched from text storage sites such as Pastebin.

DarkTortilla is further noteworthy for its anti-tamper controls, which ensure that both of the processes used to execute its components in memory are immediately relaunched if terminated.

Secureworks said it identified an average of 93 unique DarkTortilla samples being uploaded to the VirusTotal malware database per week over a 17-month period from January 2021 to May 2022.

"DarkTortilla is capable of evading detection, is highly configurable, and delivers a wide range of popular and effective malware," the researchers concluded.

News URL

https://thehackernews.com/2022/08/researchers-detail-evasive-darktortilla.html