1. Home
  2. Software
  3. P8RAT

P8RAT

P8RAT is a fileless malware used by menuPass to download and execute payloads since at least 2020.[1]

ID: S0626
Associated Software: HEAVYPOT, GreetCake
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 21 June 2021
Last Modified: 14 October 2021

Associated Software Descriptions

Name Description
HEAVYPOT

[1]
GreetCake

[1]
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1001 .001 数据混淆: Junk Data

P8RAT can send randomly-generated data as part of its C2 communication.[1]
Enterprise T1497 .001 虚拟化/沙盒规避: System Checks

P8RAT can check the compromised host for processes associated with VMware or VirtualBox environments.[1]
.003 虚拟化/沙盒规避: Time Based Evasion

P8RAT has the ability to "sleep" for a specified time to evade detection.[1]
Enterprise T1105 输入工具传输

P8RAT can download additional payloads to a target system.[1]
Enterprise T1057 进程发现

P8RAT can check for specific processes associated with virtual environments.[1]

Groups That Use This Software

ID Name References
G0045 menuPass

[1]

References

  1. GREAT. (2021, March 30). APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign. Retrieved June 17, 2021.