    New hidden Trojan attacks Windows


    Securonix researchers have discovered a Python-based RAT Trojan that gives its operators full control over compromised systems.

    The experts named the Trojan PY#RATION. It uses the WebSocket protocol to communicate with the command and control (C2) server and to retrieve data from the victim host. The PY#RATION malware is distributed through a phishing campaign that uses password-protected ZIP archives containing two LNK shortcut files disguised as images: front.jpg.lnk and back.jpg.lnk.

    When the shortcuts are launched, the victim sees photos of a driver's license. At the same time, malicious code is executed to communicate with C2 and download two TXT files, "front.txt" and "back.txt", which are then renamed to BAT files to execute the malware.

    When launched, the malware creates the "Cortana" and "Cortana/Setup" directories in the user's temporary directory and then downloads, unpacks, and runs additional executable files from that location. Persistence is established by adding the "CortanaAssist.bat" batch file to the user's startup directory. The Cortana naming is intended to disguise the malware's entries as system files.
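
    The artifacts described above (image-named LNK files, TXT files renamed to BAT, the "Cortana" directories under the temporary directory, and "CortanaAssist.bat" in the startup directory) map onto simple file-event rules. The following is an added example, not code from Securonix or from the original article; the event fields (host, action, path, old_path), the rule names, the user and host names and the payload file name are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Rules use only artifacts named in the article; rule names are made up here.
IMAGE_LNK = re.compile(r"\.(jpe?g|png|gif|bmp)\.lnk$", re.IGNORECASE)

def findings(event):
    """Return the names of the rules that one file event triggers."""
    path = PureWindowsPath(event["path"])
    parts = [p.lower() for p in path.parts]
    name = path.name.lower()
    hits = []
    if IMAGE_LNK.search(name):
        hits.append("lnk_disguised_as_image")
    if event["action"] == "rename":
        old_suffix = PureWindowsPath(event["old_path"]).suffix.lower()
        if old_suffix == ".txt" and path.suffix.lower() == ".bat":
            hits.append("txt_renamed_to_bat")
    # A directory named exactly "Cortana" directly under a Temp directory.
    if any(a == "temp" and b == "cortana" for a, b in zip(parts, parts[1:])):
        hits.append("cortana_dir_in_temp")
    # The persistence batch file, only when it sits in a Startup folder.
    if name == "cortanaassist.bat" and "startup" in parts[:-1]:
        hits.append("startup_persistence")
    return hits

def triage(events):
    """Map host -> sorted rule names; more distinct rules is a stronger signal."""
    per_host = {}
    for ev in events:
        for rule in findings(ev):
            per_host.setdefault(ev["host"], set()).add(rule)
    return {host: sorted(rules) for host, rules in per_host.items()}

# Constructed sample events (not real telemetry); payload.exe is a placeholder.
U = r"C:\Users\alice\AppData"
SAMPLE_EVENTS = [
    {"host": "WS01", "action": "create", "path": r"C:\Users\alice\Downloads\front.jpg.lnk"},
    {"host": "WS01", "action": "rename", "path": U + r"\Local\Temp\front.bat", "old_path": U + r"\Local\Temp\front.txt"},
    {"host": "WS01", "action": "create", "path": U + r"\Local\Temp\Cortana\Setup\payload.exe"},
    {"host": "WS01", "action": "create", "path": U + r"\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CortanaAssist.bat"},
    {"host": "WS02", "action": "create", "path": r"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"},
    {"host": "WS02", "action": "rename", "path": r"C:\Users\bob\notes.md", "old_path": r"C:\Users\bob\notes.txt"},
]

if __name__ == "__main__":
    for host, rules in triage(SAMPLE_EVENTS).items():
        print(host, rules)
```

    The legitimate Cortana system app path on WS02 does not match, because the rules key on the exact directory name under Temp and on the Startup location rather than on the word "Cortana" alone.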

    PY#RATION is a Python-based RAT Trojan packaged into an executable with automated packagers such as "pyinstaller" and "py2exe", which convert Python code into Windows executables that include all the libraries required to run it.

    This approach increases the payload size, which helps the malware avoid detection.

    Among the features of the PY#RATION RAT version are the following:

    • network enumeration;
    • transferring files from a compromised system to C2 or vice versa;
    • keylogging;
    • execution of shell commands;
    • enumeration of hosts;
    • extracting passwords and cookies from browsers;
    • theft of data from the clipboard;
    • detection of antivirus tools on the device.

    The use of the WebSocket protocol allows the Trojan to communicate with C2 over a single TCP connection using ports that are usually left open (80 and 443). At the moment, details about specific campaigns using this malware and its targets, distribution volume, and the operators behind it remain unclear.

    Author DeepWeb