New I2PRAT communicates via anonymous peer-to-peer network

Dec. 16, 2024, 12:33 p.m.

Description

A novel malware strain, I2PRAT, has been discovered utilizing the I2P network for command and control communication. The infection begins with a phishing email leading to a fake CAPTCHA page, which tricks users into executing a malicious PowerShell script. The malware employs UAC bypass, Microsoft Defender evasion techniques, and WFP filters to render the victim's machine vulnerable. The RAT's modular structure includes various plugins for different functionalities, such as downloading files, enabling RDP, managing user accounts, and creating scheduled tasks. The malware has been active since at least March 2024 and may be distributed through PrivateLoader.

External References

https://www.gdatasoftware.com/blog/2024/12/38093-ip2rat-malware
https://otx.alienvault.com/pulse/67600198d28ca61394723e6e
Tags
phishing
uac bypass
privateloader
2024-12-16
i2p
i2prat

Date

  • Created: Dec. 16, 2024, 10:31 a.m.
  • Published: Dec. 16, 2024, 10:31 a.m.
  • Modified: Dec. 16, 2024, 12:33 p.m.

Attack Patterns

  • I2PRAT
  • PrivateLoader
  • T1562.004
  • T1021.001
  • T1548.002
  • T1543.003
  • T1053.005
  • T1555.003
  • T1136
  • T1566.002
  • T1547.001
  • T1095
  • T1562.001
  • T1055