Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

CSHARP-STREAMER RAT Evasion Tactics Unveiled

June 25, 2024
Reading Time: 2 mins read
in Alerts
CSHARP-STREAMER RAT Evasion Tactics Unveiled

CSHARP-STREAMER, a Remote Access Trojan (RAT), was uncovered during an investigation of a ransomware attack involving Metaencryptor. This RAT, which uses publicly available techniques such as AMSI Memory Bypass and XOR-decryption, was deployed via a PowerShell loader. Notably, CSHARP-STREAMER has been linked to several high-profile ransomware campaigns, including ALPHV and REvil, and its use has been observed in multiple attacks since its discovery.

The variant of CSHARP-STREAMER recently analyzed differs from earlier versions. This new version lacks components like the MegaUpload client and ICMP C2 communication, focusing instead on TCP relay functionality for network pivoting. This method leaves specific forensic traces, such as EventID 2004 in Windows Event Logs and firewall rules created by “netsh.exe,” which can be detected using a Sigma rule by Michel de Crevoisier.

The RAT’s primary function involves executing PowerShell scripts for domain enumeration and network propagation, with Metaencryptor using its relay features. Researchers noted that earlier versions of CSHARP-STREAMER had debugging symbols and Chinese code, whereas newer versions show a trend of increased functionality and modularity. The malware’s evolving nature and use of various configurations suggest it operates in a malware-as-a-service model.

Detection methods for CSHARP-STREAMER include monitoring PowerShell script blocks, analyzing firewall rule creation, and searching for specific strings in memory. The malware’s activity is often linked to ransomware groups like Metaencryptor and LostTrusts, indicating that RATs are a critical component in initial access broker strategies. Further analysis and detection tools are crucial for identifying and mitigating this sophisticated malware.

Reference:

  • CSHARP-STREAMER RAT Uses Advanced Evasion Tactics in Ransomware Attacks
Tags: CSHARP-STREAMERCyber AlertsCyber Alerts 2024Cyber threatsJune 2024MetaencryptorRATTrojan
ADVERTISEMENT

Related Posts

Wing FTP Server RCE Flaw Exploited

WinRAR Zero-Day Exploit $80K on Dark Web

July 14, 2025
Wing FTP Server RCE Flaw Exploited

Google Gemini Flaw Hijacks Email Summaries

July 14, 2025
Wing FTP Server RCE Flaw Exploited

Wing FTP Server RCE Flaw Exploited

July 14, 2025
Fake Firms Push Malware on Crypto Users

Fake Sites Push Investment Scams

July 11, 2025
Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

July 11, 2025
Fake Firms Push Malware on Crypto Users

Fake Firms Push Malware on Crypto Users

July 11, 2025

Latest Alerts

WinRAR Zero-Day Exploit $80K on Dark Web

Google Gemini Flaw Hijacks Email Summaries

Wing FTP Server RCE Flaw Exploited

Fake Sites Push Investment Scams

Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

Subscribe to our newsletter

    Latest Incidents

    Supermarket Cyberattack Prompts Warning

    China Hacker Suspected in DC Law Firm Breach

    nius.de Cyberattack Leaks User Data

    Microsoft’s Outlook Long Outage

    Avantic Lab Affected By Ransomware

    $40M+ Stolen from GMX Crypto Platform

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial