Concrete signature match: Trojan - Appears legitimate but performs malicious actions for .NET (Microsoft Intermediate Language) platform, family NjRat
This detection identifies a variant of the NjRat Remote Access Trojan (RAT), a malicious program that gives an attacker complete control over the infected system. The malware was identified through behavioral analysis when a legitimate Windows tool (RegAsm.exe) was used to execute a malicious payload, a common defense evasion technique.
No detailed analysis available from definition files.
667f6c3c83ec6d1e0d0040d0d706db43a5b908f5ee867489c41f0a574f045f8c
aae6f9029e4ef51be8e370efe7699d4fa45df3e57876ee04d25391dc388463dc
19d222b1c260f674fdc55d92b04565ecf770ac2053d336208954910b1fd63bfb
1. Isolate the host from the network immediately to sever command and control.
2. Use antivirus to run a full scan and remove the detected payload and any related components.
3. Investigate and remove persistence mechanisms (e.g., Registry Run keys, Scheduled Tasks).
4. Reset all passwords for accounts used on the machine from a separate, trusted device.