Remote access tools (RATs) are an interesting class of tool to find maliciously placed on a system. When they were first created years ago, the focus was on gaining access to the target’s computer and turning on the webcam and/or microphone to record the unsuspecting user. The next iteration was coded so that the “On” indicator light was toggled off even while the camera was recording. As time passed, the technology improved, and this class of malware improved with it, gaining functionality, performance, and malicious antics.
The new iteration is powerful malware with a substantially expanded set of functions. In its intended use it is an all-in-one piece of malware. This particular malware has been in use since at least 2015.
It has been coded, simply, to take over the target’s computer. The end goal is to exfiltrate data and/or monitor the network. RadRAT connects to the attacker’s C&C servers, which is standard operating procedure for this class of malware, and that connection gives the attacker complete control of the compromised system. It also allows the malware to move laterally through the target’s network. To make things interesting, it is coded with rootkit-like methods to evade detection. Two areas it focuses on are credential harvesting and NTLM hash harvesting. It also works in other areas, including retrieving Windows passwords, but these two are its primary thrust.
The malware is exceptionally problematic in that, during the infection stage, it checks flag values to expedite the attack and increase the areas it may traverse.
Any malware on a system is harmful and causes problems. Of the malware present in the wild, there are far less intrusive samples to be infected with. This malware has been coded to complete its due diligence on the network and files while continuing with its mission.
Budaca, E. (2017). RadRAT: An all-in-one-toolkit for complex espionage ops.
E Hacking News. (2018, April 16). Romanian cybersecurity firm reveals all-in-one espionage tool: RadRAT. Retrieved from http://www.ehackingnews.com/2018/04/romanian-cybersecurity-firm-reveals-all.html
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.