The NonEuclid remote access trojan (RAT), developed in C#, is highly sophisticated malware that provides unauthorized remote access and uses advanced evasion techniques, including antivirus bypass and privilege escalation.
It has been advertised in underground forums since at least late November 2024, with tutorials and discussions about the malware discovered on platforms like Discord and YouTube.
During its initialization phase, NonEuclid performs detection-evasion checks, sets up TCP communication, and configures Microsoft Defender Antivirus exclusions to avoid being flagged.
Among its anti-analysis techniques, NonEuclid checks whether it is running in a virtual or sandboxed environment and terminates if it detects one, enhancing its resilience against detection.
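The Defender exclusion step described above is visible to defenders, because Microsoft Defender Antivirus logs configuration changes as event ID 5007. The following is an added example, not code from the original report: it scans exported events for newly added exclusions. The function names and the sample events are constructed for illustration, and the dictionary layout of an exported event is an assumption.

```python
import re

# Defender event 5007 records configuration changes, exclusions included.
EXCLUSION_RE = re.compile(
    r"HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\"
    r"(Paths|Processes|Extensions)\\(.+?)\s*=\s*0x[0-9a-f]+\s*$",
    re.IGNORECASE,
)

def _field(message, label):
    """Return the text after '<label>:' in a 5007 message, or ''."""
    for line in message.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key.strip().lower() == label:
            return value.strip()
    return ""

def exclusion_change(message):
    """Classify a 5007 message as ('added'|'removed', kind, target) or None."""
    new = EXCLUSION_RE.search(_field(message, "new value"))
    old = EXCLUSION_RE.search(_field(message, "old value"))
    if new:
        return ("added", new.group(1).lower(), new.group(2))
    if old:
        return ("removed", old.group(1).lower(), old.group(2))
    return None

def find_exclusion_additions(events):
    """Return (time, host, kind, target) for each exclusion added."""
    hits = []
    for ev in events:
        change = exclusion_change(ev["message"]) if ev["event_id"] == 5007 else None
        if change and change[0] == "added":
            hits.append((ev["time"], ev["host"], change[1], change[2]))
    return hits

# Constructed sample events, not taken from a NonEuclid infection.
HEAD = "Microsoft Defender Antivirus Configuration has changed."
KEY = r"HKLM\SOFTWARE\Microsoft\Windows Defender"
def sample(event_id, time, old="", new=""):
    msg = f"{HEAD}\n\tOld value: {old}\n\tNew value: {new}"
    return {"event_id": event_id, "time": time, "host": "WS-EXAMPLE-01", "message": msg}
SAMPLE_EVENTS = [
    sample(5007, "2025-01-10T09:14:02Z", new=KEY + r"\Exclusions\Paths\C:\Users\Public\Example = 0x0"),
    sample(5007, "2025-01-10T09:14:03Z", new=KEY + r"\Exclusions\Processes\example.exe = 0x0"),
    sample(5007, "2025-01-10T09:20:00Z", new=KEY + r"\SpyNet\SpyNetReporting = 0x2"),
    sample(5007, "2025-01-10T10:00:00Z", old=KEY + r"\Exclusions\Extensions\.tmp = 0x0"),
    sample(1116, "2025-01-10T10:05:00Z"),
]
```

Exclusions added outside a change window or by an unexpected process are the ones worth triaging first; legitimate software and administrators also generate event 5007.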