New Malware Variant Identified: ResolverRAT Enters the Maze www.morphisec.com/blog/new-…

ResolverRAT is a newly identified remote access trojan that combines advanced in-memory execution, API and resource resolution at runtime, and layered evasion techniques. Morphisec researchers have coined it ‘Resolver’ due to its heavy reliance on runtime resolution mechanisms and dynamic resource handling, which make static and behavioral analysis significantly more difficult.

Our decision to name and disclose details of ResolverRAT was reinforced by multiple detections targeting Morphisec customers in the healthcare and pharmaceutical sectors; the most recent attack wave was observed on March 10, 2025.

This blog provides a technical deep dive into the infection chain, loader internals, evasion techniques, and C2 infrastructure.