Malware Analysis Reveals Sophisticated RAT With Corrupted Headers
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
A sophisticated remote access Trojan (RAT) was found running inside a legitimate Windows process and using several evasion techniques. The malware's DOS and PE headers had been deliberately corrupted, so a dumped copy of the image fails to load in standard PE tooling and traditional static analysis is difficult. Fortinet's FortiGuard Incident Response Team analyzed the malware from a full memory dump, recreating the compromised environment to recover the executable as it existed in memory. The RAT's features include screenshot capture, a remote server mode, and service control. It resolves and uses over 250 Windows APIs, encrypts its C2 communications, and employs a custom XOR-based encryption scheme. The analysis highlights the need for enhanced security measures: monitoring the behaviour of otherwise legitimate processes, memory analysis tooling that does not depend on intact PE headers, and network traffic analysis to defend against threats of this kind.
OPENCTI LABELS :
remote access trojan,corrupted headers,tls transmission,api mapping
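The header corruption described in the summary is why a dumped image fails in a standard PE parser: with the MZ signature, e_lfanew and PE\0\0 signature wiped, the parser has no way to find the COFF header. The following Python example is added here as an illustration and is not Fortinet's code or code from the analysed sample. It shows the check a responder can run over a memory-dumped image: locate the COFF header by the optional-header magic plus plausibility checks (machine type, section count, optional-header size, printable section names), then rewrite the DOS signature, e_lfanew and PE signature so the image parses again. The sample image, the corruption applied to it, and all offsets are constructed for the demonstration and do not describe the real malware.

```python
import struct
from typing import List, Optional

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
COFF_FMT = "<HHIIIHH"  # Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
SECTION_HDR_SIZE = 40


def build_sample_pe() -> bytes:
    """Construct a minimal PE32+ image (synthetic test data, not real malware)."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)            # e_lfanew -> PE signature
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into(COFF_FMT, img, 0x84, IMAGE_FILE_MACHINE_AMD64, 2, 0, 0, 0, 0xF0, 0x22)
    struct.pack_into("<H", img, 0x98, PE32PLUS_MAGIC)   # optional header magic
    sec = 0x98 + 0xF0                                   # section table follows the optional header
    for i, name in enumerate((b".text", b".rdata")):
        off = sec + i * SECTION_HDR_SIZE
        img[off:off + 8] = name.ljust(8, b"\0")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, PtrRelocs, PtrLinenums, NumRelocs, NumLinenums, Characteristics
        struct.pack_into("<IIIIIIHHI", img, off + 8, 0x1000, 0x1000 * (i + 1), 0x200, 0x400 * (i + 1), 0, 0, 0, 0, 0x60000020)
    return bytes(img)


def corrupt_headers(img: bytes) -> bytes:
    """Simulate the anti-analysis trick: wipe the DOS header and the PE signature."""
    buf = bytearray(img)
    buf[0:0x40] = bytes(0x40)   # MZ signature and e_lfanew gone
    buf[0x80:0x84] = bytes(4)   # PE\0\0 gone
    return bytes(buf)


def _plausible_section_name(raw: bytes) -> bool:
    name = raw.rstrip(b"\0")
    return 0 < len(name) <= 8 and all(0x21 <= c <= 0x7E for c in name)


def find_coff_header(buf: bytes) -> Optional[int]:
    """Locate the COFF header without relying on MZ/PE signatures.

    Scan for an optional-header magic, step back 20 bytes to the COFF header,
    and accept only if the machine type, section count, optional header size
    and section names all look like a real image.
    """
    for off in range(20, len(buf) - 1):
        magic = struct.unpack_from("<H", buf, off)[0]
        if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
            continue
        coff = off - 20
        machine, nsec, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, buf, coff)
        expected_opt = 0xF0 if magic == PE32PLUS_MAGIC else 0xE0
        if machine not in (IMAGE_FILE_MACHINE_I386, IMAGE_FILE_MACHINE_AMD64):
            continue
        if not 1 <= nsec <= 96 or opt_size != expected_opt:
            continue
        sec = off + opt_size
        if sec + nsec * SECTION_HDR_SIZE > len(buf):
            continue
        if all(_plausible_section_name(buf[sec + i * SECTION_HDR_SIZE:sec + i * SECTION_HDR_SIZE + 8]) for i in range(nsec)):
            return coff
    return None


def repair_headers(buf: bytes) -> Optional[bytes]:
    """Rewrite MZ, e_lfanew and PE\\0\\0 so standard tooling can parse the image again."""
    coff = find_coff_header(buf)
    if coff is None:
        return None
    out = bytearray(buf)
    pe_sig = coff - 4
    out[pe_sig:pe_sig + 4] = b"PE\0\0"
    out[0:2] = b"MZ"
    struct.pack_into("<I", out, 0x3C, pe_sig)
    return bytes(out)


def parse_sections(buf: bytes) -> List[str]:
    """Walk the headers the normal way; raises ValueError if the signatures are missing."""
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, buf, coff)
    sec = coff + 20 + opt_size
    return [buf[sec + i * SECTION_HDR_SIZE:sec + i * SECTION_HDR_SIZE + 8].rstrip(b"\0").decode() for i in range(nsec)]


if __name__ == "__main__":
    damaged = corrupt_headers(build_sample_pe())
    print("COFF header found at", hex(find_coff_header(damaged)))
    print("sections after repair:", parse_sections(repair_headers(damaged)))
```

Two caveats for real dumps. First, the optional-header magic is just as easy for malware to wipe as the signatures; if this scan finds nothing, fall back to scanning for runs of section-header-shaped records (printable 8-byte name followed by page-aligned VirtualAddress values) and derive the COFF offset from there. Second, an image lifted from memory is in its mapped layout, not file layout, so after the headers parse again the section PointerToRawData fields still need to be rewritten to the in-memory VirtualAddress values before tools that expect an on-disk file will resolve imports correctly.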