ArtraDownloader

Description

(Palo Alto) Overall, the ArtraDownloader malware family is not sophisticated, leveraging simple registry keys for persistence and HTTP requests to download and execute a remote file. Important strings within these samples are obfuscated by adding or subtracting from each byte within a string. This same obfuscation routine is used when sending data via HTTP.

This downloader has frequently been observed downloading the Remote Access Trojan (RAT) BitterRAT, which is associated with BITTER threat operations.

Names

Name
ArtraDownloader
Artra Downloader

Category

Malware

Type

  • Downloader

Information

Malpedia

AlienVault OTX

Other Information

UUID

b8d91e49-6460-40aa-9a70-28398600fb95

Last Card Change

2022-12-28