Hotrat

Malware Profile Updated 24 days ago
Download STIX
Preview STIX
HotRat is a potent malware that has been identified by Avast researchers as a .NET reimplementation of AsyncRat. This new strain of Remote Access Trojan (RAT) comes with nearly 20 commands, each capable of executing a .NET module retrieved from a remote server. This allows the threat actors to extend its features as needed. HotRat is being distributed worldwide through free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office. The malware uses a malicious AutoHotkey script to install itself on a compromised system, simultaneously weakening system security by disabling the Consent Admin and altering Windows Defender settings. Once infiltrated, HotRat has an array of capabilities including stealing login credentials, cryptocurrency wallets, screen capturing, keylogging, installing more malware, and gaining access to or altering clipboard data. It can effectively turn off antivirus software to avoid detection and removal. In addition to stealing personal information, it can take screenshots of user activities and invite additional malware onto the infected system. This makes HotRat a significant cybersecurity threat, likened to an uninvited guest who crashes your party, consumes all your resources, and then steals your valuable assets. The infection chain typically begins with the bundling of cracked software available online via torrent sites with a malicious AutoHotkey script. This initiates a process designed to deactivate antivirus solutions on the compromised host and ultimately launch the HotRat payload using a Visual Basic Script loader. Given its wide distribution and multifaceted capabilities, users are advised to be cautious about downloading suspicious or pirated software to prevent HotRat infection. As of my knowledge cutoff in September 2021, there's no evidence to suggest that HotRat can directly infect WiFi networks; however, once a device connected to a network is compromised, other devices on the same network could potentially be at risk.
What's your take? (Question 1 of 2)
ca3b22ef-2596-4d74-8b23-92a4bfe68c47 Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Windows
Malware
Trojan
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Hotrat Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
10 months ago
HotRat Trojan Removal Guide [Fix]
CERT-EU
10 months ago
Unmasking HotRat: The hidden dangers in your software downloads
CERT-EU
10 months ago
Hackers Deliver HotRat as Hidden Scripts in cracked software
CERT-EU
10 months ago
HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software
CERT-EU
10 months ago
HotRat malware has wideranging capabilities
CERT-EU
10 months ago
Hackers Deliver HotRat as Hidden Scripts in cracked software | IT Security News
CERT-EU
9 months ago
Cyber threat risks reach three-year high – Avast