ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

Tool: MysterySnail RAT

Names: MysterySnail RAT
Category: Malware
Type: Backdoor, Info stealer, Exfiltration
Description: (Kaspersky) Our deep dive into the MysterySnail RAT family started with an analysis of a previously unknown remote shell-type Trojan that was intended to be executed by an elevation of privilege exploit. The sample which we analyzed was also uploaded to VT on August 10, 2021. The sample is very big – 8.29MB. One of the reasons for the file size is that it’s statically compiled with the OpenSSL library and contains unused code and data belonging to that library. But the main reason for its size is the presence of two very large functions that do nothing but waste processor clock cycles. These functions also “use” randomly generated strings that are also present in a binary.
Information: <https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.mystery_snail>

Last change to this tool card: 28 December 2021


All groups using tool MysterySnail RAT

Changed | Name | Country | Observed

APT groups

        | IronHusky | China | 2017-Aug 2021

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency
