MysterySnail RAT exploits a use-after-free vulnerability (CVE-2021-40449) in the Win32 NtGdiResetDC function. This affects almost all Windows versions after XP, including Windows Server. Its functionality is that of a "typical" RAT, but it stays under the radar because of its "abnormal" size of 8.30 MB. The size comes from bogus functions inside it that do nothing except waste computing cycles. It exports a large number of functions, while the real work is performed by only one of them, GetInfo.
MysterySnail RAT Signatures
Family: Trojan:Win32/Vigorf.A
MD5: e2f2d2832da0facbd716d6ad298073ca
SHA256: b7fb3623e31fb36fc3d3a4d99829e42910cad4da4fa7429a2d99a838e004366e
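The listed hashes and the traits described above (a size around 8.30 MB, many exports, the real work done in GetInfo) can be expressed as YARA hunting rules. This is an added example, not part of the original page; the rule names, the 7-10 MB size window and the export-count threshold of 100 are assumptions chosen for illustration.

```yara
import "pe"
import "hash"

// Exact match on the sample hashes listed on this page.
rule MysterySnail_Listed_Sample_Hash
{
    meta:
        description = "MysterySnail RAT sample, matched by the MD5/SHA256 given on the page"
    condition:
        hash.sha256(0, filesize) == "b7fb3623e31fb36fc3d3a4d99829e42910cad4da4fa7429a2d99a838e004366e" or
        hash.md5(0, filesize) == "e2f2d2832da0facbd716d6ad298073ca"
}

// Heuristic for rebuilt or re-padded variants: a PE padded to roughly the
// described size that exports many functions, one of them named GetInfo.
// The size window and the threshold of 100 exports are assumptions; the page
// only says "8.30 MB" and "large number". GetInfo is a common export name,
// so treat hits as leads for triage, not as verdicts.
rule MysterySnail_Padded_Export_Heuristic
{
    meta:
        description = "Oversized PE with many exports including GetInfo (hunting rule)"
    condition:
        uint16(0) == 0x5A4D and                 // MZ header
        filesize > 7MB and filesize < 10MB and  // around the reported 8.30 MB
        pe.number_of_exports > 100 and          // assumed cut-off for "large number"
        pe.exports("GetInfo")
}
```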