NonEuclid RAT Detection: Malware Enables Adversaries to Gain Unauthorized Remote Access and Control Over a Targeted System

| Category | Details |
|---|---|
| Threat Actors | NonEuclid RAT developer (moniker: NAZZED); promoted on Russian forums and Discord channels. |
| Campaign Overview | Malware spreading via phishing attacks; focuses on detection evasion, privilege escalation, and ransomware encryption. |
| Target Regions (or Victims) | Global targets, unspecified sectors; emphasis on corporate and individual systems. |
| Methodology | Advanced detection evasion, registry manipulation, mutex usage, anti-VM checks, ransomware encryption, and persistence mechanisms. |
| Product Targeted | Sensitive files (e.g., .csv, .txt, .php); targeted system control via remote access. |
| Malware Reference | NonEuclid RAT: C#-based malware built for .NET Framework 4.8 with advanced capabilities. |
| Tools Used | AES encryption, scheduled tasks, registry manipulation, Windows API calls for process termination. |
| Vulnerabilities Exploited | Exploits Windows Defender bypass, Task Scheduler persistence, and privilege escalation vulnerabilities. |
| TTPs | Anti-VM checks, dynamic DLL loading, mutex creation, process blocking, registry exclusions, ransomware file encryption. |
| Attribution | Developed by "NAZZED"; widely advertised on hacking forums and social media since October 2021. |
| Recommendations | Employ endpoint detection and response (EDR), monitor registry changes, use strong email security, train employees against phishing. |
| Source | SOC Prime |

Read full article: https://socprime.com/blog/noneuclid-rat-malware-detection/

The above summary was generated by an AI language model.

Source: SOC Prime

Published on: January 7, 2025
