Trojan.SlayerRAT
Threat Scorecard
Threat Level: 80% (High)
Infected Computers: 1
First Seen: October 18, 2016
Last Seen: July 8, 2018
OS(es) Affected: Windows
Trojan.SlayerRAT is a Remote Access Trojan (RAT) that is used to collect data from affected computer users. Trojan.SlayerRAT is being distributed commercially, meaning that practically anyone with the money to buy it or purchase a subscription can acquire Trojan.SlayerRAT and use it to carry out attacks on a target of their choice. The con artists responsible for developing Trojan.SlayerRAT are probably from Tunisia, according to a promotional video that was first seen on YouTube in February of 2016. Trojan.SlayerRAT is not the work of amateurs. Trojan.SlayerRAT has sophisticated properties that make it comparable to some of the most threatening RATs available, including Ratenjay and BlackShades. This is what makes Trojan.SlayerRAT particularly threatening since it puts advanced threat capabilities in the hands of amateurs with enough money to purchase a subscription to this threat.
How Trojan.SlayerRAT Carries out Its Attack
Trojan.SlayerRAT may be distributed using common threat delivery methods, such as infected email attachments or corrupted scripts contained in hijacked websites. However, Trojan.SlayerRAT has a second avenue of distribution: it has worm-like features that let it go from one infected computer to another. When Trojan.SlayerRAT first enters a computer, it is installed in one of the following directories:
- %AppData%
- %ProgramData%
- %TEMP%
- %UserProfile%
PC security researchers have noticed some curious features of the Trojan.SlayerRAT attack. Trojan.SlayerRAT is capable of carrying out its operations with limited user privileges and of preventing victims from accessing the infected computer's desktop by enforcing a password. This essentially turns Trojan.SlayerRAT into a combination of threat infection and locker. After Trojan.SlayerRAT enters the victim's computer, it makes sure that it can start up when the affected computer boots. Trojan.SlayerRAT will load even if the victim logs into Windows, running and asking for a password. Trojan.SlayerRAT can evade detection on the victim's computer, and even run commands using the Task Scheduler and Task Manager, which can allow Trojan.SlayerRAT to disable known security programs. Trojan.SlayerRAT is capable of altering the infected computer's network settings, establishing a proxy setup and redirecting the victim to certain websites. Trojan.SlayerRAT can change the Windows Registry and block the victim from accessing important Windows features such as the following:
- Account Administration
- CMD
- Control Panel
- Firewall
- Task Manager
- UAC (User Account Control)
- Windows Update
- msconfig
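A triage check for the restrictions listed above, as an added example that is not part of the original page: it parses a `.reg` export and reports standard Windows policy values set to block those features. The value names are Windows' own policy settings; that Trojan.SlayerRAT writes these particular values is an assumption, and the sample export is constructed.

```python
import re

# (key path suffix, value name, DWORD data meaning "blocked", feature on the page's list).
# These are standard Windows policy values. Assumption: the page does not say
# which registry values Trojan.SlayerRAT actually writes.
POLICY = r"software\microsoft\windows\currentversion\policies"
RULES = [
    (POLICY + r"\system", "disabletaskmgr", {1}, "Task Manager"),
    (POLICY + r"\system", "enablelua", {0}, "UAC (User Account Control)"),
    (POLICY + r"\explorer", "nocontrolpanel", {1}, "Control Panel"),
    (r"software\policies\microsoft\windows\system", "disablecmd", {1, 2}, "CMD"),
    (r"software\policies\microsoft\windows\windowsupdate\au", "noautoupdate", {1}, "Windows Update"),
    (r"software\policies\microsoft\windowsfirewall\standardprofile", "enablefirewall", {0}, "Firewall"),
]
SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def find_restrictions(reg_text):
    """Return (feature, key, value) for each blocking policy in a .reg export."""
    findings, key = [], ""
    for line in reg_text.splitlines():
        line = line.strip()
        if (m := SECTION.match(line)):
            key = m.group(1).lower()   # full key, hive (and any SID) included
        elif (m := DWORD.match(line)):
            name, data = m.group(1).lower(), int(m.group(2), 16)
            for suffix, value, blocked, feature in RULES:
                if key.endswith(suffix) and name == value and data in blocked:
                    findings.append((feature, key, m.group(1)))
    return findings

# Constructed sample export (real exports are UTF-16: open(..., encoding="utf-16")).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_USERS\S-1-5-21-0-0-0-1001\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001
'''

if __name__ == "__main__":
    for feature, key, value in find_restrictions(SAMPLE):
        print(f"{feature}: {value} set under {key}")
```

A finding only shows that a feature is blocked by policy; the same values can be set legitimately by an administrator, so compare against the machine's expected Group Policy.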
Trojan.SlayerRAT Includes Certain Worm-Like Characteristics in Its Attack
Trojan.SlayerRAT has the ability to spread to other computers. This is a feature that is seen in worms (such as Dunihi) rather than in Trojans. Trojan.SlayerRAT can also copy itself to USB drives and other removable memory devices. Trojan.SlayerRAT will make it seem as if its executable file is a harmless file, often masking it as a DOCX, PDF, PPTX or XLSX file. Once Trojan.SlayerRAT has been installed on the victim's computer, the con artists behind Trojan.SlayerRAT can access the infected computer using a server client that is hosted on the victim's computer. Trojan.SlayerRAT can relay information about the infected computer that can include the victim's IP address, the operating system version, devices connected to the infected computer and a list of running programs. Con artists can use Trojan.SlayerRAT to send threatening audio and text messages to the victim, taking advantage of the Windows Messaging service. Trojan.SlayerRAT is particularly difficult to remove effectively. Numerous computer users have reported that the Trojan.SlayerRAT infection will remain on their computers even after steps have been taken to remove it completely.
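A detection sketch for the disguise described above, combined with the install directories listed earlier; it is an added example, not code from the original page. The page does not say how the masking is done, so the two forms checked here (a document extension followed by an executable one, and an `MZ` executable header behind a document extension) are assumptions, as are the `EXE_EXTS` set and the depth limit.

```python
import os
from pathlib import Path

DOC_EXTS = {".docx", ".pdf", ".pptx", ".xlsx"}   # disguises named on the page
EXE_EXTS = {".exe", ".scr", ".com", ".pif"}      # assumption: common executable extensions
DROP_DIRS = ["%AppData%", "%ProgramData%", "%TEMP%", "%UserProfile%"]  # from the page

def classify(path):
    """Return why a file looks like a disguised executable, or None."""
    suffixes = [s.lower() for s in Path(path).suffixes]
    if len(suffixes) >= 2 and suffixes[-1] in EXE_EXTS and suffixes[-2] in DOC_EXTS:
        return "double extension"
    if suffixes and suffixes[-1] in DOC_EXTS:
        try:
            with open(path, "rb") as fh:
                if fh.read(2) == b"MZ":      # DOS/PE executable signature
                    return "PE header behind document extension"
        except OSError:
            return None                      # locked or unreadable file: skip
    return None

def scan(roots, max_depth=2):
    """Walk each root to a limited depth and collect (path, reason) hits."""
    hits = []
    for root in roots:
        base = os.path.expandvars(root)      # expands %VAR% on Windows
        for dirpath, dirnames, filenames in os.walk(base):
            if dirpath[len(base):].count(os.sep) >= max_depth:
                dirnames[:] = []             # do not descend further
            for name in filenames:
                reason = classify(os.path.join(dirpath, name))
                if reason:
                    hits.append((os.path.join(dirpath, name), reason))
    return hits

if __name__ == "__main__":
    for path, reason in scan(DROP_DIRS):
        print(f"{reason}: {path}")
```

The same `scan` call can be pointed at the root of a mounted USB drive, since the page notes the threat copies itself to removable devices.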