RAT
I2PRAT
aka I2Parcae
I2PRAT, also known as I2Parcae, is a Windows RAT (remote access trojan).
Background
Cofense highlights this malware for several distinctive tactics, techniques, and procedures (TTPs): evading Secure Email Gateways (SEG) by routing emails through legitimate infrastructure, presenting fake CAPTCHAs, leveraging built-in Windows functionality to conceal dropped files, and conducting C2 over the Invisible Internet Project (I2P), an end-to-end encrypted peer-to-peer anonymity network. Once installed, I2Parcae can switch off Windows Defender, enumerate accounts and groups via the Windows Security Accounts Manager (SAM), steal browser cookies, and provide remote access to compromised hosts. As of November 2024, it is reportedly spread through automated spam aimed at customer-support contact forms across numerous websites, with each message carrying an embedded link disguised as pornography.
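Two of the behaviours listed above (switching off Windows Defender, and talking to C2 through an I2P router) leave host-side traces a defender can triage. The script below is an added illustration, not code from Malpedia, Cofense or the malware itself: it walks a constructed set of endpoint records, flags Defender "protection disabled" events (the real Microsoft-Windows-Windows Defender/Operational event IDs 5001, 5010 and 5012) and local connections to the stock I2P router's default proxy ports (4444, 4447, 7657; an assumption, since the page does not say which ports I2PRAT's embedded router uses), and raises the severity when both signals land on the same host.

```python
"""Triage helper (added example; not code from Malpedia, Cofense or I2PRAT).

Signals, in the order the page describes them:
  * Defender switched off: Windows Defender/Operational event IDs 5001
    (real-time protection disabled), 5010 (anti-spyware scanning disabled),
    5012 (antivirus scanning disabled).  These IDs are real.
  * I2P C2: a process connecting to the I2P router's default local proxy or
    console ports.  ASSUMPTION: stock I2P defaults (4444 HTTP proxy,
    4447 SOCKS, 7657 console); the page does not state I2PRAT's ports.
All records in SAMPLE_EVENTS are constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass, field

DEFENDER_DISABLED_EVENTS = {
    5001: "real-time protection disabled",
    5010: "anti-spyware scanning disabled",
    5012: "antivirus scanning disabled",
}
I2P_DEFAULT_PORTS = {4444, 4447, 7657}  # assumption: stock I2P router defaults


@dataclass
class Event:
    kind: str            # "defender" (Defender/Operational log) or "netconn" (EDR flow)
    host: str
    detail: dict = field(default_factory=dict)


def detect(events):
    """Return one (host, signal, description) tuple per matching record."""
    hits = []
    for e in events:
        if e.kind == "defender":
            eid = e.detail.get("event_id")
            if eid in DEFENDER_DISABLED_EVENTS:
                hits.append((e.host, "defender_off", f"event {eid}: {DEFENDER_DISABLED_EVENTS[eid]}"))
        elif e.kind == "netconn":
            # Only local proxy ports matter: the I2P router binds its proxies on 127.0.0.1.
            if e.detail.get("dst_ip") == "127.0.0.1" and e.detail.get("dst_port") in I2P_DEFAULT_PORTS:
                hits.append((e.host, "i2p_local_proxy",
                             f"{e.detail.get('image', '?')} -> 127.0.0.1:{e.detail['dst_port']}"))
    return hits


def score_hosts(events):
    """Collapse hits per host: 'high' when Defender is off AND an I2P proxy is
    in use on the same host, 'medium' for a single signal, nothing otherwise."""
    by_host = defaultdict(set)
    for host, signal, _ in detect(events):
        by_host[host].add(signal)
    return {host: ("high" if len(signals) == 2 else "medium")
            for host, signals in by_host.items()}


# Constructed sample telemetry: WS01 shows both signals, WS02 only a benign HTTPS flow,
# WS03 only a Defender event.
SAMPLE_EVENTS = [
    Event("defender", "WS01", {"event_id": 5001}),
    Event("netconn", "WS01", {"image": "C:\\Users\\Public\\svc.exe", "dst_ip": "127.0.0.1", "dst_port": 4444}),
    Event("netconn", "WS02", {"image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
                              "dst_ip": "203.0.113.10", "dst_port": 443}),
    Event("defender", "WS03", {"event_id": 5012}),
    Event("defender", "WS03", {"event_id": 1000}),  # scan started: not a disable event
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
    print(score_hosts(SAMPLE_EVENTS))
```

In production the Defender records would come from the Windows Defender/Operational channel and the flow records from an EDR or Sysmon event 3; the port heuristic should be tuned against whatever I2P client you actually expect on the estate, since a legitimately installed I2P router produces the same local-proxy connections.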
Source: Malpedia (Fraunhofer FKIE).