███████╗██╗ ██╗██╗██╗ ███╗ ███╗██╗ ██╗████████╗███████╗██╗ ██╗ ██╔════╝██║ ██║██║██║ ████╗ ████║██║ ██║╚══██╔══╝██╔════╝╚██╗██╔╝ █████╗ ██║ ██║██║██║ ██╔████╔██║██║ ██║ ██║ █████╗ ╚███╔╝ ██╔══╝ ╚██╗ ██╔╝██║██║ ██║╚██╔╝██║██║ ██║ ██║ ██╔══╝ ██╔██╗ ███████╗ ╚████╔╝ ██║███████╗ ██║ ╚═╝ ██║╚██████╔╝ ██║ ███████╗██╔╝ ██╗ ╚══════╝ ╚═══╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝

⚠

Rimawi

rat1 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:

Rimawi

CATEGORY:

RAT

DESCRIPTION:

Rimawi is a fork of AsyncRat, a remote access trojan (RAT) that provides attackers with remote control capabilities over compromised systems. It uses specific mutexes to ensure single instance execution and coordinate its activities on the infected system.

TAGS:

remote_accessbackdoorwindowspersistence

[MUTEX_SIGNATURES](1)

[MUTEX_01]

AZSXDCFVGBHNqwertyui

ANALYST: @adhikara13 DATE: 2024-12-19

REFERENCES:

https://tria.ge/240623-ntewrsyhpg/behavioral15

https://app.any.run/tasks/eeed2f54-4dbb-43d8-ac4a-5dc3b24c2419

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:

⚠Unknown

FIRST_OBSERVED:

2024

[SIGMA_RULE]

[STATISTICS]

MUTEX_COUNT:1

THREAT_ACTORS:1

ALIASES:0

TAGS:4

CATEGORY:RAT

Malware profile loaded successfully