What is VanillaRat 1.7?
VanillaRat 1.7 is a lightweight but potent Windows/Linux RAT distributed through phishing campaigns, malicious downloads, and exploit kits. Its 2024 iteration features process hollowing, encrypted C2 communications via Discord/Tor, and a modular plugin system that allows attackers to add functionality post-infection. The malware specializes in credential harvesting, screen recording, and keylogging while maintaining an exceptionally small footprint (under 2MB). Recent variants have been observed using AI-generated decoy documents to trick victims into executing the payload, demonstrating frightening social engineering sophistication for a traditionally “low-tier” threat.
Detailed Features & Capabilities
1. Core Surveillance Functions
- Live Screen Viewing: 15FPS remote desktop streaming with adjustable quality
- Webcam/Mic Hijacking: Activated by motion detection or voice triggers
- Keystroke Logging: Captures input even in secure text fields
- Clipboard Monitoring: Targets cryptocurrency wallet addresses
2. Network Propagation
- Active Directory Exploitation: Uses Mimikatz-derived credential dumping
- SMB Vulnerability Scanner: Identifies vulnerable Windows shares
- Worm Module: Auto-spreads via USB drives and network shares
3. Evasion Mechanisms
- Polymorphic Loader: Changes code signature with each execution
- User Behavior Analysis: Pauses activity during active computer use
- Cloud-Based C2: Uses Discord webhooks and Telegram bots as fallbacks
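
The Discord webhook and Telegram bot channels listed above can be hunted for in egress logs. The Python below is an added example, not part of the original write-up; the log format, the process allowlist and the sample lines are constructed assumptions, and it presumes a proxy or EDR source that records the full URL and the originating process.

```python
import re
from urllib.parse import urlsplit

# Assumption: clients expected to reach these APIs in this environment; tune locally.
EXPECTED_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "discord.exe"}
WEBHOOK_PATH = re.compile(r"^/api/(v\d+/)?webhooks/")

# Constructed sample lines: "<timestamp> <host> <process> <url>".
SAMPLE_LOG = """\
2024-05-01T09:14:02Z WS-014 chrome.exe https://discord.com/channels/111/222
2024-05-01T09:14:40Z WS-014 invoice_viewer.exe https://discord.com/api/webhooks/000000/PLACEHOLDER
2024-05-01T09:15:10Z WS-022 Discord.exe https://discord.com/api/v10/webhooks/000000/PLACEHOLDER
2024-05-01T09:16:31Z WS-014 invoice_viewer.exe https://api.telegram.org/botPLACEHOLDER/sendDocument
2024-05-01T09:17:05Z WS-031 svchost.exe https://example.com/api/webhooks/1
"""

def classify(url):
    """Return which messaging API a URL targets, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in ("discord.com", "discordapp.com") and WEBHOOK_PATH.match(parts.path):
        return "discord-webhook"
    if host == "api.telegram.org" and parts.path.startswith("/bot"):
        return "telegram-bot-api"
    return None

def flag_egress(log_text):
    """List (host, process, service) for API calls made by unexpected processes."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guess at their fields
        _ts, host, process, url = fields
        service = classify(url)
        if service and process.lower() not in EXPECTED_CLIENTS:
            hits.append((host, process, service))
    return hits

def multi_channel(hits):
    """(host, process) pairs seen on more than one service: a primary plus a fallback."""
    seen = {}
    for host, process, service in hits:
        seen.setdefault((host, process), set()).add(service)
    return sorted(key for key, services in seen.items() if len(services) > 1)

if __name__ == "__main__":
    found = flag_egress(SAMPLE_LOG)
    print(found, multi_channel(found))
```

A process that appears in `multi_channel` has used both services, which matches the primary-plus-fallback behaviour described in the evasion list and is a stronger signal than a single webhook call.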