RunningRAT’s Next Move: From Remote Access to Crypto Mining for Profit

Nov. 6, 2024, 5:34 p.m.

Description

RunningRAT, a remote access trojan initially observed in 2018 targeting the Pyeongchang Winter Olympics, has evolved its capabilities to include cryptocurrency mining. This shift indicates an expansion of the malware's operational focus. The analysis reveals the discovery of RunningRAT samples in open directories, detailing its execution process, network communications, and connection to cryptocurrency mining tools. The malware's infrastructure includes command and control servers hosting XMRig mining software, suggesting a new direction towards financial gain through compromised systems. The findings highlight the adaptability of established malware and the importance of continued monitoring for emerging threats.

Date

Published: Nov. 6, 2024, 4:21 p.m.

Created: Nov. 6, 2024, 4:21 p.m.

Modified: Nov. 6, 2024, 5:34 p.m.

Indicators

Attack Patterns

Running RAT

XMRig

T1569.002

T1055.001

T1543.003

T1059.003

T1059.001

T1547.001

T1204.002

T1016

T1518

T1082

T1057

T1105

T1083

T1071

T1055

T1140

T1033

T1049

T1027

Additional Information

Japan

United States of America