HEURRemoteAdmin.GoToResolve.gen has been identified as a Potentially Unwanted Application that can install silently and maintain a persistent presence on Windows systems. Researchers at Point Wild’s Lat61 team warn it can load the Windows Restart Manager (RstrtMgr.dll)—a component previously abused by Conti, Cactus ransomware and the BiBi wiper—to terminate security processes, meaning legitimately signed GoTo Resolve components can be misused. #HEURRemoteAdminGoToResolveGen #Conti
Keypoints
- HEURRemoteAdmin.GoToResolve.gen is flagged as a Potentially Unwanted Application that can run silently and persist on systems.
- The tool can hide deep in C:\Program Files (x86)\GoTo Resolve Unattended to maintain a stealthy, persistent presence.
- A bundled file named “32000~” contains hidden instructions for managing the app and expanding its attack surface.
- The software loads RstrtMgr.dll (Windows Restart Manager), which has been used by Conti, Cactus, and the BiBi wiper to terminate protective processes.
- Although digitally signed by GoTo Technologies, Point Wild warns the component can be misused and should be treated as a high-level risk unless authorized by security teams.
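A defender-side triage script for the behaviour listed above, added here as example code that is not from Point Wild, Lat61 or the linked article: it lists running processes that have RstrtMgr.dll loaded, records each image's Authenticode signer, and marks for review any image under the GoTo Resolve Unattended directory or without a valid signature. The signer substring, the directory comparison and the warning on the bundled "32000~" file are assumptions to adjust locally.

```powershell
# Added example, not code from Point Wild, Lat61 or the linked article.
# Hunts for the behaviour in the report: processes that have loaded RstrtMgr.dll
# (Windows Restart Manager), where their image lives, and who signed it.
# Run from an elevated session; module enumeration for other users' processes needs admin.
$GoToDir        = 'C:\Program Files (x86)\GoTo Resolve Unattended'   # path named in the report
$ExpectedSigner = 'GoTo Technologies'   # assumption: substring of the signing certificate subject
$BundledFile    = Join-Path $GoToDir '32000~'                          # file named in the report

function Test-UnderPath([string]$Path, [string]$Root) {
    return [bool]($Path -and $Path.StartsWith($Root, [StringComparison]::OrdinalIgnoreCase))
}

function Get-RstrtMgrLoaders {
    foreach ($proc in Get-Process) {
        # -Module returns nothing (with a suppressed error) for protected or cross-bitness processes
        $mods = Get-Process -Id $proc.Id -Module -ErrorAction SilentlyContinue
        if (-not ($mods | Where-Object { $_.ModuleName -ieq 'RstrtMgr.dll' })) { continue }

        $path   = $proc.Path
        $sig    = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
        $status = if ($sig) { [string]$sig.Status } else { 'NoPath' }
        $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned/unknown>' }
        $inGoTo = Test-UnderPath $path $GoToDir

        [pscustomobject]@{
            Pid           = $proc.Id
            Name          = $proc.ProcessName
            Path          = $path
            SigStatus     = $status
            Signer        = $signer
            SignerMatches = ($signer -like "*$ExpectedSigner*")
            InGoToDir     = $inGoTo
            # Restart Manager use is normal for installers and servicing; review only the
            # cases the report singles out: images under the GoTo Unattended directory
            # (confirm the deployment was authorised) and images without a valid signature.
            Review        = $inGoTo -or ($status -ne 'Valid')
        }
    }
}

# Presence of the bundled "32000~" file is a second indicator from the report.
if (Test-Path -LiteralPath $BundledFile) { Write-Warning "Found bundled file: $BundledFile" }

Get-RstrtMgrLoaders | Sort-Object Review -Descending | Format-Table -AutoSize
```

Rows with Review set to True are candidates for checking against the change record of authorised remote-support deployments, not verdicts on their own.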
Read More: https://hackread.com/goto-resolve-activities-ransomware-tactics/