The Ekipa RAT is a potent piece of malware with an extensive set of intrusive features. The threat has been observed being sold on hacker forums for the price of $4500. Compared to some other RAT threats offered for purchase, the price seems a bit steep, but apparently the developers of Ekipa believe that their creation is worth that much. And given the potential damage the threat could cause, Ekipa could indeed be used in a variety of different attack operations.
Once it has infected the victim's computer, this RAT (Remote Access Trojan) starts its activity by collecting various system data. Ekipa obtains the device's IP address, hardware data (CPU and GPU models, installed RAM), and the number of drives along with the free space on each of them. It also creates a list of installed anti-malware programs, collects the domain and user names, and more.
The threat can manipulate the file system on the device, meaning that the attackers can perform various actions on the stored files and data. They can exfiltrate chosen files and folders or instruct Ekipa to fetch and download additional files to the device, potentially infecting it with other, more specialized malware. In addition, the hackers can delete, move, or rename the victim's files. One of the more harmful abilities of the threat is running executable files, as well as carrying out arbitrary commands received from the attackers. By purchasing Ekipa, cybercriminals also receive access to a control panel and the tools necessary for creating custom malicious MS Word macros, Excel add-ins and more.