Loda RAT, first detected in 2017 which now slowly matures up into an effective remote access Trojan, yet simple. It steal username/passwords, session cookies and can take screenshots too. Its current version in wild is 1.1.1. Infection process is simple, it started with a phishing e-mail with Microsoft Word document as attachment.
The document is obfuscated which hide it from AV detection. Once the document is opened a MSI file is downloaded and executed which smuggle data from victim machine to it Command and Control server.