Cybersecurity researchers uncovered a sophisticated malware sample that employs corrupted DOS and PE headers to evade detection and analysis. The malware acts as a remote access Trojan (RAT), enabling attackers to control infected systems remotely and establish communication with a C2 server over TLS. #Fortinet #ThreatActor
Key points
- The malware operates within a Windows process named dllhost.exe and uses header corruption to hinder analysis.
- Researchers obtained a full memory dump to analyze the malware; reconstructing the executable from that dump was difficult because of the header corruption.
- The malware decrypts C2 server domains from memory and communicates over TLS to avoid detection.
- It functions as a multi-threaded RAT with capabilities to capture screenshots and manipulate system services.
- The malware transforms the compromised system into a remote-access platform for further attacks.
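The following is an added example, not code from the Fortinet report or from the malware itself. It shows what "corrupted DOS and PE headers" means in practice from the triage side: a small checker that validates the DOS magic, the `e_lfanew` pointer, the `PE\0\0` signature and the COFF file header of an in-memory image and reports every inconsistency rather than failing on the first one, which is what a memory-forensics script needs when the headers have been deliberately damaged. The sample image and the corrupted variant are constructed inline for testing; the field offsets and the Machine values are the standard PE format constants.

```python
"""Header sanity checks for a PE image carved from a memory dump (added example)."""
import struct

DOS_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\x00\x00"
MACHINE_AMD64 = 0x8664
MACHINE_I386 = 0x14C
# COFF file header layout: Machine, NumberOfSections, TimeDateStamp,
# PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_FMT = "<HHIIIHH"
COFF_SIZE = struct.calcsize(COFF_FMT)  # 20 bytes


def check_pe_headers(image: bytes) -> list[str]:
    """Return a list of header problems; an empty list means the headers parse cleanly.

    Each check is independent so a dump with several damaged fields reports all of
    them, instead of a parser silently stopping at the first bad byte.
    """
    problems = []
    if len(image) < 64:
        return ["image shorter than a DOS header (64 bytes)"]
    if image[:2] != DOS_MAGIC:
        problems.append(f"bad DOS magic {image[:2]!r} (expected b'MZ')")
    # e_lfanew lives at offset 0x3C and must point at the PE signature inside the image
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if e_lfanew < 64 or e_lfanew + 4 + COFF_SIZE > len(image):
        problems.append(f"e_lfanew 0x{e_lfanew:x} points outside the image")
        return problems  # nothing further can be located without it
    sig = image[e_lfanew:e_lfanew + 4]
    if sig != PE_SIGNATURE:
        problems.append(f"bad PE signature at 0x{e_lfanew:x}: {sig!r}")
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from(
        COFF_FMT, image, e_lfanew + 4
    )
    if machine not in (MACHINE_AMD64, MACHINE_I386):
        problems.append(f"unexpected Machine 0x{machine:x}")
    if nsections == 0 or nsections > 96:  # 96 is the loader's documented upper bound
        problems.append(f"implausible NumberOfSections {nsections}")
    if opt_size == 0:
        problems.append("SizeOfOptionalHeader is 0")
    return problems


def build_sample_image() -> bytes:
    """Constructed minimal image: a DOS header whose e_lfanew points at a COFF header."""
    dos = bytearray(64)
    dos[:2] = DOS_MAGIC
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew -> directly after the DOS header
    coff = struct.pack(COFF_FMT, MACHINE_AMD64, 3, 0, 0, 0, 0xF0, 0x22)
    return bytes(dos) + PE_SIGNATURE + coff + bytes(0xF0)  # zeroed optional header


def corrupt_headers(image: bytes) -> bytes:
    """Constructed test input: the same image with the DOS magic and PE signature wiped."""
    img = bytearray(image)
    img[:2] = b"\x00\x00"
    e_lfanew = struct.unpack_from("<I", img, 0x3C)[0]
    img[e_lfanew:e_lfanew + 4] = b"\x00\x00\x00\x00"
    return bytes(img)


if __name__ == "__main__":
    for label, img in (("intact", build_sample_image()),
                       ("corrupted", corrupt_headers(build_sample_image()))):
        findings = check_pe_headers(img) or ["headers OK"]
        print(label + ":")
        for line in findings:
            print("  " + line)
```

Run against the bytes carved from the `dllhost.exe` region of a dump, a non-empty list is the signal that a standard PE parser will refuse the image and that the section table and import information will have to be recovered from the memory layout instead of from the headers.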
Read More: https://thehackernews.com/2025/05/new-windows-rat-evades-detection-for.html