New RAT Malware ‘NonEuclid’ Emerges with Advanced Windows Defense Evasion Tactics

NonEuclid: A Sophisticated Remote Access Trojan Threatens Windows Systems

Security researchers have identified a new sophisticated remote access trojan (RAT) called NonEuclid, targeting Windows systems. Developed in C#, this advanced malware enables unauthorized remote access while employing multiple evasion techniques.

First appearing in underground forums in late November 2024, NonEuclid has gained attention through tutorials and discussions on platforms like Discord and YouTube, indicating its growing popularity among cybercriminals.

Key Features and Capabilities:
– Initializes through a client application
– Establishes TCP socket communication
– Configures Microsoft Defender Antivirus exclusions
– Monitors and terminates analysis tools like Task Manager
– Implements anti-virtual machine and sandbox detection
– Bypasses Windows Antimalware Scan Interface (AMSI)
– Maintains persistence via scheduled tasks and Registry modifications
– Elevates privileges by circumventing User Account Control
– Functions as ransomware by encrypting specific file types

To evade detection, the malware monitors running processes through Windows API calls and terminates immediately if it detects a virtual environment. Its ransomware component targets files with extensions such as .CSV, .TXT, and .PHP, encrypting them and giving them the “.NonEuclid” extension.
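For responders scoping the file-encryption behaviour described above, the following added example (not taken from the Cyfirma research or the original article) walks a directory tree and summarises files carrying the “.NonEuclid” extension alongside targeted file types that are still untouched. The function names, the sample tree, and the assumption that the original extension may survive inside the file name are illustrative.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Values taken from the article; matching is case-insensitive.
ENCRYPTED_EXT = ".noneuclid"
TARGETED_EXTS = {".csv", ".txt", ".php"}


def triage(root):
    """Summarise files under root that carry the .NonEuclid extension."""
    encrypted = []               # full paths ending in .NonEuclid
    by_dir = Counter()           # directory -> number of encrypted files
    original_types = Counter()   # original extension, when the name keeps it
    untouched = 0                # targeted file types not (yet) renamed
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            ext = path.suffix.lower()
            if ext == ENCRYPTED_EXT:
                encrypted.append(str(path))
                by_dir[dirpath] += 1
                # Assumption: the original extension may survive, as in
                # "report.csv.NonEuclid"; if it does not, report "unknown".
                inner = Path(path.stem).suffix.lower()
                kind = inner if inner in TARGETED_EXTS else "unknown"
                original_types[kind] += 1
            elif ext in TARGETED_EXTS:
                untouched += 1
    return {"encrypted": sorted(encrypted), "by_dir": dict(by_dir),
            "original_types": dict(original_types), "untouched": untouched}


def build_sample_tree(root):
    """Constructed sample data: empty files named like an affected share."""
    names = ["docs/report.csv.NonEuclid", "docs/notes.TXT.nonEuclid",
             "docs/keep.txt", "web/index.NONEUCLID", "web/app.php", "web/logo.png"]
    for rel in names:
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        summary = triage(tmp)
        print(summary["original_types"], "untouched:", summary["untouched"])
```

A non-zero `untouched` count next to encrypted files in the same tree suggests encryption was partial or interrupted, which helps prioritise which shares to isolate and restore first.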

Cyfirma researchers emphasize that NonEuclid represents a significant evolution in modern malware, combining advanced stealth mechanisms with ransomware capabilities, making it a formidable threat to cybersecurity.
