PentagonRAT
Posted: May 2, 2017
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 9 |
| First Seen: | May 1, 2017 |
| OS(es) Affected: | Windows |
PentagonRAT is a multi-purpose Trojan suite that grants remote attackers various means of harming your PC's security, including collecting information, establishing non-consensual network connections and encrypting your files. Portions of PentagonRAT's payload can include highly visible symptoms, such as pop-up images. Whenever you can, use anti-malware security features to remove PentagonRAT before it completes its installation.
The Pentagon: Now, More than Just the US Department of Defense
A new, entrepreneur-oriented threat actor has borrowed the 'Pentagon' moniker from the United States's DOD to market his or her latest threat project: a comprehensive Trojan suite that offers a handful of different features to anyone interested in renting it. Although its name classifies the PentagonRAT program as being a Remote Access Trojan with a backdoor control-based payload, malware analysts also took note of other attacks that this threat could deliver.
While its distribution numbers are still being confirmed, PentagonRAT's author is marketing the threatening software by demonstrating how its admins could distribute it within vulnerability-laced text documents. From there, PentagonRAT establishes a TCP-based network connection to allow the administrator to control it through a panel-based GUI. Features that malware experts find worthy of mentioning include:
- PentagonRAT includes a keylogger module that lets it record the victim's keyboard input into a log file, which it may upload to the admin's server via the previously-established connection.
- The Trojan also may monitor which Windows services are running and enable the admin to stop or start them at will.
- Although not mandatory, PentagonRAT also includes significant support for different data-encrypting attacks, which lock your files by enciphering them. Con artists often use such attacks for demanding ransom money, and PentagonRAT supports several pop-up formats for loading ransom notes to show its victims.
- This Trojan also may load Web pages through a variety of supported Web browsers, which the con artists could use for displaying more ransom-related instructions or exposing the system to additional threats such as an exploit kit.
Getting Your Computer Back in the Right Kind of Shape
As a product for the threat black market, PentagonRAT offers an unfocused but flexible variety of attack features that could be useful for blocking valuable files, collecting confidential content like passwords, or cementing a remote attacker's control over the infected PC. Although PentagonRAT's author is emphasizing document exploit-based means of distributing this Trojan's client-end components, PentagonRAT also may circulate through alternate means not covered here. Malware analysts have yet to be able to determine whether PentagonRAT is in active use for ransoming data from corporate, government or recreational systems.
PentagonRAT's encryption module provides several image formats for displaying ransom-related pop-up attacks, which are extremely visible to any user. However, since the encryption of your local data occurs beforehand, waiting for such symptoms can leave you permanently unable to access your files. Use free decryption tools or backups, when they're necessary, to recover any content that PentagonRAT locks, and change all important passwords after disinfecting your PC.
Despite the threat's author boasting of the low detection rates of his project, a sharp minority of anti-malware products can remove PentagonRAT on sight. Having passive and proactive security features may be even more important than before, with remote attackers looking to expand their cyber attacks into increasingly unpredictable avenues.