BitRAT

Industry: N/A | Level: Tactical | Source: Asec

BitRAT has been available to purchase through hacking forums since 2020, and is still being used today by attackers. The attackers disguised the malware as a Windows 10 license verification tool from the development stage. Users who download the illegal crack tools and try to install them to verify their Windows license are more at risk of having BitRAT loaded into their PC. BitRAT provides more than basic control features such as info-stealing, hidden virtual network computing, remote desktop, coin mining, and proxies.

• Anvilogic Use Cases:
• Inbound Request Compressed File
• Compressed File Execution
• MSIExec Install MSI File
• Executable Process from Suspicious Folder
• Modify Windows Defender