
RAT

Running RAT

aka running_rat

NJCCIC characterizes RunningRAT as a remote access trojan (RAT) that operates using two DLL files.

Running RAT, also known as running_rat, is a Windows RAT.

Background

According to NJCCIC, RunningRAT is a remote access trojan (RAT) that relies on a pair of DLL files. The first DLL runs when the trojan lands on a host, and it is responsible for switching off anti-malware tools, unpacking and launching the core RAT DLL, and establishing persistence. It also drops a Windows batch file, dx.bat, that tries to terminate daumcleaner.exe, a Korean security product, before deleting itself. After the second DLL is in memory, the first DLL rewrites the control server IP so the trojan talks to a different address. The second DLL collects details about the victim machine such as its operating system, drivers, and processor, and provides capabilities including keylogging, clipboard capture, file deletion and compression, event log clearing, and shutting the machine down. It additionally incorporates several anti-debugging techniques.


Source: Malpedia (Fraunhofer FKIE).