NukeSped RAT Description
The North Korean hacking group called Lazarus is back in the news. It is one of the most prominent APTs (Advanced Persistent Threats) in the world and has carried out numerous successful attacks globally. The group is also known under the alias Hidden Cobra. It has long been speculated that the Lazarus hacking group is funded by the North Korean government and used to do the bidding of Kim Jong-Un. Malware researchers have reported that North Korean hacking groups are cooperating closely and are likely sharing members and infrastructure, making them even more threatening to anyone who stands against the interests of the government of North Korea.
How the NukeSped RAT Functions
One of the group's latest threats is the NukeSped RAT (Remote Access Trojan). This RAT was designed to target 32-bit systems. The authors of the NukeSped RAT have obfuscated its code to make it more difficult for cybersecurity researchers to dissect and study the threat. To gain persistence on the infiltrated system, the NukeSped RAT is either installed as a service or has its payload referenced from a Run Registry key. This malware strain invokes a small set of APIs (Application Programming Interfaces) to resolve functions dynamically. Its short import table then imports a list of generic DLLs (Dynamic Link Libraries) and functions.
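The two persistence locations named above can be reviewed with a short read-only triage script. This is an added example, not code from the original page or from any vendor; the Run key paths and the filter (32-bit image without a valid Authenticode signature) are assumptions chosen for illustration and are not NukeSped-specific indicators.

```powershell
# Added triage example, not from the original page. Read-only.
function Get-PeMachine([string]$Path) {
    # Reads the COFF Machine field: 0x014c = 32-bit x86, 0x8664 = x64.
    $fs = $null
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        $br = New-Object System.IO.BinaryReader($fs)
        if ($br.ReadUInt16() -ne 0x5A4D) { return 'not-PE' }      # 'MZ'
        $fs.Position = 0x3C
        $fs.Position = $br.ReadInt32()                             # e_lfanew
        if ($br.ReadUInt32() -ne 0x4550) { return 'not-PE' }      # 'PE\0\0'
        switch ($br.ReadUInt16()) { 0x014c { 'x86' } 0x8664 { 'x64' } default { 'other' } }
    } catch { 'unreadable' } finally { if ($fs) { $fs.Dispose() } }
}

function Get-ImagePath([string]$CommandLine) {
    # Strips arguments from a Run value or service command line.
    $c = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|dll|com|scr))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

# Assumed set of Run keys to inspect (the page only says "a Run Registry key").
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

$entries = @(foreach ($key in $runKeys) {
    $k = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $k) { continue }
    foreach ($name in $k.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$k.GetValue($name) }
    }
})
# Auto-start Win32 services (kernel drivers are not covered by Win32_Service).
$entries += @(Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName } |
    ForEach-Object { [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName } })

$entries | ForEach-Object {
    $path = Get-ImagePath $_.Command
    $sig  = if ($path -and (Test-Path -LiteralPath $path)) {
                (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'missing' }
    [pscustomobject]@{ Source = $_.Source; Name = $_.Name; Image = $path
                       Machine = Get-PeMachine $path; Signature = $sig }
} | Where-Object { $_.Machine -eq 'x86' -and $_.Signature -ne 'Valid' } |
    Format-Table -AutoSize -Wrap
```

Services hosted by svchost.exe resolve to the host binary, so their ServiceDll values need a separate look. Legitimate 32-bit software will also appear in the output, so each row is a lead for manual review rather than a verdict.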
For the most part, the NukeSped RAT serves as a tool that allows its operators to gain control of the compromised host and execute remote commands on the system. The NukeSped RAT can also:
- Create a process.
- Kill a process.
- Read files.
- Write files.
- Move files.
- Collect data regarding the installed disks – type, size and remaining space.
- Run a set of processes and modules repeatedly.
- Remove itself from the host.
The NukeSped RAT connects to the attackers’ C&C (Command & Control) server, which allows it to siphon the gathered information and receive additional payloads that can potentially be planted on the infiltrated system.