AutoItRAT

AutoIt3 compiled RAT (LightToolV9). GetAsyncKeyState keylogger. BitBlt+GetDesktopWindow screen capture. VirtualAllocEx+WriteProcessMemory process injection. InternetOpenW+HttpSendRequestW HTTP C2. TCPCLOSESOCKET TCP. AdjustTokenPrivileges privilege escalation. BITXOR XOR obfuscation. Spoofed PE timestamp.

Threat Profile
Type: RAT
Programming Language: AutoIt
C2 Protocol: HTTP/TCP
First Seen: 2022
Targets: Global
Purpose / Capabilities
  • Remote Access/Keylogger/Screenshot/Process Injection
No C2 servers have been identified for this family yet.

Research Reports (1)

High

AutoItRAT LightToolV9 -- GetAsyncKeyState Keyboard Keylogger, BitBlt GetDesktopWindow Screenshot, VirtualAllocEx WriteProcessMemory Process Injection, InternetOpenW HttpSendRequestW HTTP C2, AdjustTokenPrivileges Privilege Escalation, BITXOR XOR Obfuscation | High

AutoItRAT LightToolV9.exe 962KB. GetAsyncKeyState keyboard keylogger. BitBlt GetDesktopWindow screen capture. VirtualAllocEx WriteProcessMemory process injection. InternetOpenW HttpSendRequestW HTTP C2. AdjustTokenPrivileges privilege escalation. BITXOR XOR obfuscation.
