
PentagonRAT

Posted: May 2, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 9
First Seen: May 1, 2017
OS(es) Affected: Windows

PentagonRAT is a multi-purpose Trojan suite that gives remote attackers several means of harming your PC's security, including collecting information, establishing non-consensual network connections and encrypting your files. Portions of PentagonRAT's payload can produce highly visible symptoms, such as pop-up images. Whenever you can, use anti-malware security features to remove PentagonRAT before it can complete its installation.

The Pentagon: Now, More than Just the US Department of Defense

A new, entrepreneur-oriented threat actor has borrowed the 'Pentagon' moniker from the United States DOD to market his or her latest threat project: a comprehensive Trojan suite that offers a handful of different features to anyone interested in renting it. Although its name classifies the PentagonRAT program as a Remote Access Trojan with a backdoor control-based payload, malware analysts also took note of other attacks that this threat could deliver.

While its distribution numbers are still being confirmed, PentagonRAT's author is marketing the threatening software by demonstrating how its admins could distribute it within exploit-laden text documents. From there, PentagonRAT establishes a TCP-based network connection that lets the administrator control it through a panel-based GUI. Features that malware experts find worthy of mentioning include:

  • PentagonRAT includes a keylogger module that lets it record the victim's keyboard input into a log file, which it may upload to the admin's server via the previously-established connection.
  • The Trojan also may monitor which Windows services are running and enable the admin to stop or start them at will.
  • Although not mandatory, PentagonRAT also includes significant support for different data-encrypting attacks, which lock your files by enciphering them. Con artists often use such attacks for demanding ransom money, and PentagonRAT supports several pop-up formats for loading ransom notes to show its victims.
  • This Trojan also may load Web pages through a variety of supported Web browsers, which the con artists could use for displaying more ransom-related instructions or exposing the system to additional threats such as an exploit kit.

Getting Your Computer Back in the Right Kind of Shape

As a product for the threat black market, PentagonRAT offers an unfocused but flexible variety of attack features that could be useful for blocking valuable files, collecting confidential content like passwords, or cementing a remote attacker's control over the infected PC. Although PentagonRAT's author is emphasizing document exploit-based means of distributing this Trojan's client-end components, PentagonRAT also may circulate through alternate means not covered here. Malware analysts have yet to determine whether PentagonRAT is in active use for ransoming data from corporate, government or recreational systems.

PentagonRAT's encryption module provides several image formats for displaying ransom-related pop-up attacks, which are highly visible to any user. However, since the encryption of your local data occurs beforehand, waiting for such symptoms can leave you permanently unable to access your files. Use free decryption tools or backups, when necessary, to recover any content that PentagonRAT locks, and change all important passwords after disinfecting your PC.

Despite the threat's author boasting of his project's low detection rates, a minority of anti-malware products can remove PentagonRAT on sight. Having passive and proactive security features may be even more important than before, with remote attackers looking to expand their cyber attacks into increasingly unpredictable avenues.
