For almost three decades now, threat actors have used remote access trojans (RATs) to monitor user activity and steal sensitive information and credentials. The RAT’s surreptitious nature has cemented its spot in malicious actors’ malware arsenal, and over the years, it has evolved to include advanced functionalities, including remote code execution, browser decryption, C2 communication, and reconnaissance.

In the first two parts of our LockBit 5.0 series, we provided a comprehensive analysis of this cross-platform ransomware’s ESXi and Linux variants. This final installment features our analysis of LockBit 5.0’s Windows variant.