| Category | Details |
|---|---|
| Threat Actors | NonEuclid RAT developer (moniker: NAZZED); promoted on Russian forums and Discord channels. |
| Campaign Overview | Malware spreading via phishing attacks; focuses on detection evasion, privilege escalation, and ransomware encryption. |
| Target Regions (or Victims) | Global targets, unspecified sectors; emphasis on corporate and individual systems. |
| Methodology | Advanced detection evasion, registry manipulation, mutex usage, anti-VM checks, ransomware encryption, and persistence mechanisms. |
| Product Targeted | Sensitive files (e.g., .csv, .txt, .php); targeted system control via remote access. |
| Malware Reference | NonEuclid RAT: C#-based malware built for .NET Framework 4.8 with advanced capabilities. |
| Tools Used | AES encryption, scheduled tasks, registry manipulation, Windows API calls for process termination. |
| Vulnerabilities Exploited | Windows Defender bypass, Task Scheduler-based persistence, and privilege escalation techniques. |
| TTPs | Anti-VM checks, dynamic DLL loading, mutex creation, process blocking, registry exclusions, ransomware file encryption. |
| Attribution | Developed by “NAZZED”; widely advertised on hacking forums and social media since October 2021. |
| Recommendations | Employ endpoint detection and response (EDR), monitor registry changes, use strong email security, and train employees against phishing. |
Source | SOC Prime |
Read full article: https://socprime.com/blog/noneuclid-rat-malware-detection/
The above summary has been generated by an AI language model