From infostealer to full RAT: dissecting the PureRAT attack chain

Oct. 10, 2025, 9:09 p.m.

Description

An investigation into what appeared at first glance to be a “standard” Python-based infostealer campaign took an interesting turn when it was discovered to culminate in the deployment of a full-featured, commercially available remote access trojan (RAT) known as PureRAT.

Date

  • Created: Oct. 10, 2025, 8:35 p.m.
  • Published: Oct. 10, 2025, 8:35 p.m.
  • Modified: Oct. 10, 2025, 9:09 p.m.

Indicators

Attack Patterns