RunningRAT’s Next Move: From Remote Access to Crypto Mining for Profit
Nov. 6, 2024, 5:34 p.m.
Description
RunningRAT, a remote access trojan initially observed in 2018 targeting the Pyeongchang Winter Olympics, has evolved its capabilities to include cryptocurrency mining. This shift indicates an expansion of the malware's operational focus. The analysis reveals the discovery of RunningRAT samples in open directories, detailing its execution process, network communications, and connection to cryptocurrency mining tools. The malware's infrastructure includes command and control servers hosting XMRig mining software, suggesting a new direction towards financial gain through compromised systems. The findings highlight the adaptability of established malware and the importance of continued monitoring for emerging threats.
Date
Published: Nov. 6, 2024, 4:21 p.m.
Created: Nov. 6, 2024, 4:21 p.m.
Modified: Nov. 6, 2024, 5:34 p.m.
Indicators
Attack Patterns
Running RAT
XMRig
T1569.002
T1055.001
T1543.003
T1059.003
T1059.001
T1547.001
T1204.002
T1016
T1518
T1082
T1057
T1105
T1083
T1071
T1055
T1140
T1033
T1049
T1027
Additional Information
Japan
United States of America