Pcrat

Malware profile, last updated 2024-11-29T14:23:26.719Z
PCRat is a remote administration trojan whose source code is openly available on the public internet. In the reported BabyShark intrusions, PCRat and KimJongRAT were delivered as encoded secondary payloads, which the reporting vendor's analysis nicknamed "Cowboys". Their function is information stealing and disruption of operations: the original filename "cow_pass.fig" suggests that KimJongRAT is used chiefly for password extraction, while PCRat provides data exfiltration to command-and-control (C2) servers.

In this campaign, PCRat was observed communicating with a C2 server at 173.248.170[.]149:80 (shown defanged), so the destination address and port are usable network indicators. The secondary payloads are interchangeable: while the observed configuration delivers PCRat and KimJongRAT, the threat actors may swap in other malware families in future BabyShark campaigns.

The reporting vendor's intrusion prevention system (IPS) engine blocks both pre-infection and post-infection network communications of the BabyShark and PCRat families. Decoding the metadata of the PCRat payload also reveals how the operation is configured, which helps anticipate and counter follow-on attacks.
Description last updated: 2024-05-04T21:41:29.884Z
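The description above gives one concrete network indicator, the C2 endpoint 173.248.170[.]149:80, and notes that blocking is done at the network layer. The following is an added example (editor's code, not from the page or from the reporting vendor) that turns a defanged indicator back into its literal form, scans Zeek-style conn.log records for connections to that destination, and emits a Suricata rule for it. The log lines, the benign destination 93.184.216.34, the connection UIDs, the rule text and the signature ID are all constructed for illustration; only the C2 address and port come from the page.

```python
"""Match connection-log records against a defanged C2 indicator and emit an IPS rule.

Editor's example for the PCRat profile; not vendor code. The C2 indicator
173.248.170[.]149:80 is the one quoted on the page; everything else here
(sample log lines, second host, rule text, sid) is constructed.
"""
import ipaddress
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Indicator from the page, kept in its published (defanged) form.
DEFANGED_C2 = ["173.248.170[.]149:80"]

# Defanging conventions commonly used in threat reports: "[.]", "(.)", "{.}",
# "[dot]" for dots, and "hxxp"/"hxxps" for URL schemes.
_REFANG_RULES = [
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]", re.IGNORECASE), "."),
    (re.compile(r"\bhxxp", re.IGNORECASE), "http"),
]


def refang(indicator: str) -> str:
    """Return the literal (machine-usable) form of a defanged indicator."""
    out = indicator.strip()
    for pattern, replacement in _REFANG_RULES:
        out = pattern.sub(replacement, out)
    return out


def parse_c2(indicator: str) -> Tuple[str, Optional[int]]:
    """Split 'ip:port' or 'ip' into (ip, port); port is None when absent.

    IPv4 only (a bare IPv6 literal would be split on its last colon).
    Raises ValueError if the address part is not a valid IP.
    """
    literal = refang(indicator)
    host, sep, port = literal.rpartition(":")
    if not sep:
        host, port = literal, ""
    ipaddress.ip_address(host)  # ValueError on malformed input
    return host, (int(port) if port else None)


# Constructed Zeek conn.log-style records (tab separated):
# ts, uid, src ip, src port, dst ip, dst port, proto.
# Record 3 goes to the C2 host but on a different port, to show port matching.
SAMPLE_CONN_LOG = """\
1556000000.1\tCabc1\t10.0.0.12\t49812\t173.248.170.149\t80\ttcp
1556000001.4\tCabc2\t10.0.0.12\t49813\t93.184.216.34\t443\ttcp
1556000002.9\tCabc3\t10.0.0.15\t49814\t173.248.170.149\t8080\ttcp
"""


def find_c2_connections(log_text: str,
                        indicators: Iterable[str] = DEFANGED_C2) -> List[Dict]:
    """Return records whose destination matches an indicator.

    An indicator with a port matches only that ip:port; a bare ip matches any port.
    """
    wanted = {parse_c2(i) for i in indicators}
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):  # skip blanks and Zeek headers
            continue
        ts, uid, src, sport, dst, dport, proto = line.split("\t")
        dport_i = int(dport)
        if (dst, dport_i) in wanted or (dst, None) in wanted:
            hits.append({"ts": float(ts), "uid": uid, "src": src,
                         "dst": dst, "dport": dport_i, "proto": proto})
    return hits


def suricata_rule(indicator: str, sid: int) -> str:
    """Build a Suricata/Snort-style alert rule for outbound traffic to the C2.

    The sid is the caller's choice (local rules conventionally use 1000000+);
    the message text is an assumption, not a vendor signature.
    """
    ip, port = parse_c2(indicator)
    dport = port if port is not None else "any"
    return (f"alert tcp $HOME_NET any -> {ip} {dport} "
            f'(msg:"PCRat C2 {ip}:{dport}"; flow:to_server; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print(f"C2 contact: {hit['src']} -> {hit['dst']}:{hit['dport']} ({hit['uid']})")
    print(suricata_rule(DEFANGED_C2[0], 1000001))
```

Matching on the exact ip:port pair keeps the alert tied to the observed infrastructure; widening to the bare IP (drop the port from the indicator) is the right call once the C2 host is confirmed malicious, since the operators can change the listening port without changing the address.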
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so the following are possible overlapping names and profiles worth reviewing alongside this one.

KimJongRAT (2 votes): suggested as a possible alias for PCrat. KimJongRAT is a potent form of malware, malicious software designed to infiltrate and damage computer systems, often without the user's knowledge. It primarily functions as an information stealer, extracting sensitive data such as email credentials from Microsoft Outlook and Mozilla Thunderbird, and …

BabyShark (2 votes): suggested as a possible alias for PCrat. BabyShark is a malicious software (malware) that has been linked to the North Korean Advanced Persistent Threat (APT) group known as Kimsuky, also referred to as Thallium and Velvet Chollima. This malware, written in Microsoft Visual Basic script, was first identified in November 2018 and was used p…

Note that the description above treats BabyShark as the first stage and KimJongRAT and PCRat as two distinct secondary payloads it delivers, so these three are related components of one campaign rather than alternative names for the same family.
Miscellaneous Associations (other context that may aid in assessing relevance): Malware