About: Nuclear RAT


Nuclear RAT (short for Nuclear Remote Administration Tool) is a backdoor trojan horse that infects Windows NT family systems (Windows 2000, XP, 2003). It uses a server creator, a client and a server to take control of a remote computer. It uses process hijacking to fool the firewall, allowing the server component to hijack processes and gain rights to access the internet. Older versions of this malware had the ability to change their look using skinnable windows.

Attributes | Values
rdf:type
rdfs:label
  • Nuclear RAT
dcterms:subject
dbkwik:malware/pro...iPageUsesTemplate
Platform
  • Windows NT, Windows 2000, Windows XP, Windows Server 2003
Name
  • Nuclear Remote Administration Tool
Type
AKA
  • Backdoor.Delf.jl, Backdoor.Delf.jw, Backdoor.Win32.Nuclear.b, Win-Trojan/NucRAT, Win-Trojan:NucRAT, Win32/Nuclear.AG, Backdoor.Win32.Nuclear.ak
Family
  • Nuclear RAT
Creator
  • caesar2k
abstract
  • Nuclear RAT (short for Nuclear Remote Administration Tool) is a backdoor trojan horse that infects Windows NT family systems (Windows 2000, XP, 2003). It uses a server creator, a client and a server to take control of a remote computer. It uses process hijacking to fool the firewall, allowing the server component to hijack processes and gain rights to access the internet.

    The server component (217,600 bytes) is dropped under the Windows, System32, or Program Files folders, in a custom-named folder; the default is NR. Once the server component is run, it tries to connect to its client, which listens for incoming connections on a configurable port, to allow the attacker to execute arbitrary code from his or her computer.

    The server editor component has the following capabilities:
    * Create the server component
    * Change the server component's port number and/or IP address / DNS, connection retry interval, direct or reverse connection mode
    * Change the server component's executable name, installation folder, and target process for hijacking
    * Change the name of the Windows registry startup entry
    * Change the PHP notify location
    * Include any plugins to be executed once it is run
    * Include a fake error message that will be shown upon execution

    The client component has the following capabilities:
    * Take screenshots
    * View webcam shots
    * Capture keystrokes from the keyboard (keystroke logging)
    * General information about the computer (Username, Timezone, Version installed, Language, Available drives, etc.)
    * Mouse control
    * Remote BAT/VBS script execution
    * Monitor resolution
    * SOCKS 5
    * HTTP Webserver
    * Shell console
    * File Manager (Download files and folders, Delete, Upload, Execute, Rename, Copy, Set Attributes, Create Folder, etc.)
    * Window Manager (Hide, show, close, minimize/maximize, disable/enable X, rename caption, send keys, etc.)
    * Process Manager (kill, unload DLL, list DLLs)
    * Registry Manager (Create key, edit values REG_DWORD, REG_BINARY, REG_MULTI_SZ, REG_SZ, create values, rename values)
    * Clipboard manager
    * Plugins manager (to add extra functionality to the malware)
    * Shutdown computer
    * Message Box
    * Chat with infected machine
    * Web downloader
    * IP Scanner
    * Port redirect
    * TCP tunnel
    * Cam capture
    * See Eden/Jimbolance

    Older versions of this malware had the ability to change their look using skinnable windows.