RunningRAT

Description

(McAfee) RunningRat is a remote access Trojan (RAT) that operates with two DLLs. It gets its name from a hardcoded string embedded in the malware. Upon being dropped onto a system, the first DLL executes. This DLL serves three main functions: killing antimalware, unpacking and executing the main RAT DLL, and obtaining persistence. The malware drops the Windows batch file dx.bat, which attempts to kill the task daumcleaner.exe; a Korean security program. The batch file then attempts to remove itself.

Names

Name
RunningRAT
Running RAT
running_rat

Type

Reconnaissance
Backdoor
Keylogger
Info stealer

Information

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/

Mitre Attack

https://attack.mitre.org/software/S0253/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.runningrat

Other Information

Uuid

df6926cd-9c41-4db7-a233-54e6ebebb6ee

Last Card Change

2022-12-28

Threat Intelligence Garden

Explorer

RunningRAT

RunningRAT

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks