Nuclear RAT

Common name: Nuclear RAT
Technical name: Nuclear Remote Administration Tool
Aliases: Backdoor.Delf.jl, Backdoor.Delf.jw, Backdoor.Win32.Nuclear.b, Win-Trojan/NucRAT, Win-Trojan:NucRAT, Win32/Nuclear.AG, Backdoor.Win32.Nuclear.ak
Family: Nuclear RAT
Classification: Trojan
Type: Windows NT, Windows 2000, Windows XP, Windows Server 2003
Subtype: Backdoor
Isolation: 2003 - present (new variants being released)
Point of isolation: Unknown
Point of origin: Brazil
Author(s): caesar2k

[Image: Nuclear RAT client view]

Nuclear RAT (short for Nuclear Remote Administration Tool) is a backdoor trojan horse that infects Windows NT family systems (Windows 2000, XP, 2003).[1] It consists of a server creator, a client and a server, which together are used to take control of a remote computer. The server component hijacks other processes to fool the firewall and gain rights to access the internet.

The server component (217,600 bytes) is dropped into a custom-named folder (the default is NR) under the Windows, System32, or Program Files folders. Once the server component is run, it tries to connect to its client, which listens for incoming connections on a configurable port, allowing the attacker to execute arbitrary code from his or her computer.
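A defender can turn the file-system traits in the paragraph above into a quick triage check. The following is an added example, not code from the original page or from any vendor. The folder name is configurable and the size is the one stated here, so a hit is a lead for further analysis rather than a verdict; the sample tree in `demo()` is constructed.

```python
import os
import tempfile

SERVER_SIZE = 217_600   # server component size given on this page
DEFAULT_FOLDER = "nr"   # default install folder name given on this page

def triage(roots, max_depth=1):
    """Return sorted (path, reasons) for files matching the page's traits."""
    findings = []
    for root in map(os.path.normpath, roots):
        base = root.count(os.sep)
        for dirpath, dirnames, filenames in os.walk(root):
            if dirpath.count(os.sep) - base >= max_depth:
                dirnames[:] = []  # install folder sits directly under the root
            in_default = os.path.basename(dirpath).lower() == DEFAULT_FOLDER
            for name in filenames:
                path = os.path.join(dirpath, name)
                try:
                    size = os.path.getsize(path)
                except OSError:
                    continue  # unreadable or removed mid-scan
                reasons = []
                if size == SERVER_SIZE:
                    reasons.append("size")
                if in_default:
                    reasons.append("default-folder")
                if reasons:
                    findings.append((path, reasons))
    return sorted(findings)

def demo():
    """Run triage over a constructed tree (sample data, not real artifacts)."""
    with tempfile.TemporaryDirectory() as tmp:
        layout = {  # relative path -> file size in bytes
            "Windows/NR/svc.exe": SERVER_SIZE,          # default folder, size match
            "Windows/notepad.exe": 1000,                # benign
            "Program Files/Upd/host.exe": SERVER_SIZE,  # renamed install folder
            "System32/NR/notes.txt": 12,                # folder name only
        }
        for rel, size in layout.items():
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"\0" * size)
        roots = [os.path.join(tmp, d) for d in ("Windows", "System32", "Program Files")]
        return [(os.path.relpath(p, tmp).replace(os.sep, "/"), r) for p, r in triage(roots)]

if __name__ == "__main__":
    for path, reasons in demo():
        print(path, reasons)
```
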

The server editor component has the following capabilities:

  • Create the server component
  • Change the server component's port number and/or IP address / DNS name, connection retry interval, and direct or reverse connection mode
  • Change the server component's executable name, installation folder, and target process for hijacking
  • Change the name of the Windows registry startup entry
  • Change the PHP notify location
  • Include any plugins to be executed once run
  • Include a fake error message that will be shown upon execution

The client component has the following capabilities:

  • Take screenshots
  • View webcam shots
  • Capture keystrokes from the keyboard (keystroke logging)
  • General information about the computer (username, time zone, version installed, language, available drives, etc.)
  • Mouse control
  • Remote BAT/VBS script execution
  • Monitor resolution
  • SOCKS 5
  • HTTP Webserver
  • Shell console
  • File Manager (Download files and folders, Delete, Upload, Execute, Rename, Copy, Set Attributes, Create Folder, etc)
  • Window Manager (Hide, show, close, minimize/maximize, disable/enable X, rename caption, send keys, etc)
  • Process Manager (kill, unload DLL, list DLLs)
  • Registry Manager (Create key, edit values REG_DWORD, REG_BINARY, REG_MULTI_SZ, REG_SZ, create values, rename values)
  • Clipboard manager
  • Plugins manager (to add extra functionality to the malware)
  • Shutdown computer
  • Message Box
  • Chat with infected machine
  • Web downloader
  • IP Scanner
  • Port redirect
  • TCP tunnel
  • Cam capture
  • See Eden/Jimbolance

Older versions of this malware could change their look by using skinnable windows.

References

  1. "Spyware Detail Nuclear RAT 1.0b1". Computer Associates. August 16, 2004. http://www.ca.com/securityadvisor/pest/pest.aspx?id=453078396. Retrieved 2009-03-01.

See also

Reverse connection


Wikimedia Foundation. 2010.