| Category | Details |
|---|---|
| Threat Actors | NonEuclid RAT developer (moniker: NAZZED); promoted on Russian forums and Discord channels. |
| Campaign Overview | Malware spreading via phishing attacks; focuses on detection evasion, privilege escalation, and ransomware encryption. |
| Target Regions (or Victims) | Global targets, unspecified sectors; emphasis on corporate and individual systems. |
| Methodology | Advanced detection evasion, registry manipulation, mutex usage, anti-VM checks, ransomware encryption, and persistence mechanisms. |
| Product Targeted | Sensitive files (e.g., .csv, .txt, .php); targeted system control via remote access. |
| Malware Reference | NonEuclid RAT: C#-based malware built for .NET Framework 4.8 with advanced capabilities. |
| Tools Used | AES encryption, scheduled tasks, registry manipulation, Windows API calls for process termination. |
| Vulnerabilities Exploited | Bypasses Windows Defender, abuses Task Scheduler for persistence, and exploits privilege escalation vulnerabilities. |
| TTPs | Anti-VM checks, dynamic DLL loading, mutex creation, process blocking, registry exclusions, ransomware file encryption. |
| Attribution | Developed by “NAZZED”; widely advertised on hacking forums and social media since October 2021. |
| Recommendations | Employ endpoint detection and response (EDR), monitor registry changes, use strong email security, train employees against phishing. |
| Source | SOC Prime |
Read full article: https://socprime.com/blog/noneuclid-rat-malware-detection/
The above summary has been generated by an AI language model.