Cobian RAT is a type of malware that can infect a computer or device through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. Recent analysis of an in-the-wild Cobian RAT payload shows that the malware is yet another Remote Access Trojan (RAT) spawned from the leaked njRAT code.
During analysis, it was observed that when the system running the Cobian RAT payload and the system running the control server have the same machine name and username, the backdoor module is not activated and no communication is sent to the backdoor C&C server. The executable file is packed using a .NET packer, with the encrypted Cobian RAT payload embedded in the resource section. Figure 1 shows the Cobian RAT command-and-control server application, and Figure 5 shows the unpacked and decompiled version of the malware.
The Cobian RAT payload masquerades as a Microsoft Excel spreadsheet file (Figure 3). Below is a complete list of commands supported by the analyzed payload. It is important to stay vigilant and keep anti-malware software up to date to prevent infection and damage to computer systems.
Description last updated: 2023-06-23T18:25:00.956Z