A Deep Dive Into poweRAT: a Newly Discovered Stealer/RAT Combo Polluting PyPI
Tags
Common Information
Type | Value |
---|---|
UUID | 29b56be7-b32d-410d-a16f-11c2108011d9 |
Fingerprint | c308a12d08dd196 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Feb. 28, 2023, midnight |
Added to db | March 4, 2023, 6:52 p.m. |
Last updated | Nov. 17, 2024, 6:54 p.m. |
Headline | A Deep Dive Into poweRAT: a Newly Discovered Stealer/RAT Combo Polluting PyPI |
Title | A Deep Dive Into poweRAT: a Newly Discovered Stealer/RAT Combo Polluting PyPI |
Detected Hints/Tags/Attributes | 57/1/52 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 506 | ✔ | — | https://blog.phylum.io/rss.xml | 2024-08-31 10:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 71 | | transfer.sh |
Details | Domain | 4 | | style.py |
Details | Domain | 138 | | setup.py |
Details | Domain | 2 | | updater.zip |
Details | Domain | 22 | | update.zip |
Details | Domain | 1 | | result.stdout.read |
Details | Domain | 1 | | cftunnel.py |
Details | Domain | 1 | | cgrab.py |
Details | Domain | 4 | | discord.py |
Details | Domain | 1 | | pwgrab.py |
Details | Domain | 372 | | wscript.shell |
Details | Domain | 35 | | app.run |
Details | Domain | 13 | | shortcut.save |
Details | Domain | 54 | | re.search |
Details | Domain | 15 | | trycloudflare.com |
Details | File | 4 | | style.py |
Details | File | 127 | | setup.py |
Details | File | 3 | | updater.zip |
Details | File | 24 | | update.zip |
Details | File | 65 | | python.exe |
Details | File | 376 | | wscript.exe |
Details | File | 1 | | c:\programdata\updater\launch.vbs |
Details | File | 1208 | | powershell.exe |
Details | File | 1 | | c:\programdata\updater\server.py |
Details | File | 3 | | launch.vbs |
Details | File | 19 | | server.py |
Details | File | 1 | | cftunnel.py |
Details | File | 1 | | cgrab.py |
Details | File | 4 | | discord.py |
Details | File | 1 | | pwgrab.py |
Details | File | 13 | | shortcut.tar |
Details | File | 11 | | 'wscript.exe |
Details | File | 1 | | c:\\programdata\\updater\\launch.vbs |
Details | File | 1 | | c:\\programdata\\updater\\server.py |
Details | File | 1 | | firstrun.txt |
Details | File | 1 | | control.html |
Details | File | 1 | | live.html |
Details | File | 8 | | screen.png |
Details | File | 10 | | event.key |
Details | sha256 | 1 | | 5397800c26dc73bd3dfbd91aa88964244bc8d8dc9cc533fe25f9457d317354f9 |
Details | sha256 | 1 | | 5904cf32df705d6e5c9ad730ee425382922e5bd13d1d67212342e374d57f71c3 |
Details | sha256 | 1 | | ede874db1e28252914553871ff9528544894e1785e8b6cd093ebe586c8472997 |
Details | sha256 | 1 | | d0a42a9a0897e762da6b2d3796d03934dc8c2f6d7d2308dc65231497399df145 |
Details | sha256 | 1 | | 96a2b383be58f0896d50ca93e23009729f1decfa84b6a837190dd6795227b6c6 |
Details | sha256 | 1 | | eeef39f59c56eca1198a05f272fa27da0ba745657a59c07c13939120513495ba |
Details | IPv4 | 1441 | | 127.0.0.1 |
Details | Url | 1 | | https://transfer.sh/0tuiju/updater.zip |
Details | Url | 1 | | http://127.0.0.1:8099/metrics |
Details | Url | 1 | | https://itduh2irtgjfx5gvmdxfkcetmgvmgyaqzayhruau4v57747funxuhoqd.onion.pet/ping?tunnel={tunnel_url}&uuid={uuid}&username={username} |
Details | Url | 5 | | https://transfer.sh |
Details | Url | 1 | | https://transfer.sh/{uuid}.zip").split |
Details | Url | 1 | | https://itduh2irtgjfx5gvmdxfkcetmgvmgyaqzayhruau4v57747funxuhoqd.onion.pet/save?uuid={uuid}&link={link}&date={date}&username={username} |