New Malware Variant Identified: ResolverRAT Enters the Maze
ID: c9b2b8f3-a398-5234-93a3-d64814414c09
STIX ID: report--c9b2b8f3-a398-5234-93a3-d64814414c09
Feed Name: Morphisec Blog
Morphisec researchers describe ResolverRAT, a newly identified .NET-based remote access trojan used in phishing campaigns, notably targeting the healthcare and pharmaceutical sectors. It employs in-memory execution, AES-encrypted embedded payloads, .NET resource resolver hijacking, reflective DLL loading, certificate-pinned C2 communications with IP rotation, extensive persistence, and multiple anti-analysis techniques. The report includes technical details of the loader/state machine, evasion methods, and IOCs (several SHA256 hashes, C2 IPs 38.54.6.120 and 192.30.241.106, and ports 56001–56003).
