ResolverRAT Targets Healthcare Sector
A new remote access trojan called ResolverRAT has emerged, targeting the healthcare and pharmaceutical sectors globally through sophisticated phishing campaigns. The malware executes in memory and employs evasion techniques that make it challenging to detect and analyze. ResolverRAT uses DLL side-loading, .NET resource hijacking, and AES-256 encryption to protect its payload and evade security measures. It establishes persistence through multiple obfuscated registry entries and employs a complex command-and-control infrastructure with certificate pinning and IP rotation. Its distribution via phishing emails localized into various languages indicates a broad, coordinated effort to maximize infection rates. While similarities exist with other malware families, ResolverRAT's unique architecture and advanced capabilities mark it as a significant emerging threat in the cybersecurity landscape.