216.73.216.86

NEPTUNE RAT: An advanced Windows RAT with System Destruction Capabilities and Password Exfiltration from 270+ Applications

· Published 09/04/2025 07:52 · Modified 09/04/2025 08:43

Export JSON

Essential information

Published
09/04/2025 07:52
Modified
09/04/2025 08:43
Tags
2025-04-09 anti-analysis neptune rat remote access trojan
Related entities
24 observables, 1 intrusion sets (apt), 8 techniques (mitre), 1 malware

Description

, a sophisticated Windows-based , has emerged with advanced capabilities including system destruction and password exfiltration from over 270 applications. It employs PowerShell commands for deployment, leveraging catbox.moe for hosting malicious scripts. The malware incorporates techniques, persistence methods, and dangerous features such as ransomware, crypto clipping, and live desktop monitoring. It uses obfuscation, including Arabic characters, to evade detection. The RAT's modular structure allows for various malicious activities, including clipboard manipulation, email credential theft, and Master Boot Record corruption. Its distribution through platforms like GitHub and its evolving nature pose significant risks to both individuals and organizations.

External references