The RAT (Remote Administration Tool) - II

Posted by Sharan R On 7:11 AM

Why RAT's Don't Get Detected

So we are back to the second part of The RAT Remote Administration Tool. In this section we will learn how an attacker manages to hide a RAT in victim's computer, if you are new visitor or you haven't read the first part I urge you to please go through previous post on The RAT before you read this.

Before we proceed I want to tell you there's no RAT tool available whose server can not get detected by an Anti-Virus program. At practical level every Anti-Virus program can detect RAT developed by all possible free as well as commercially available RAT developing tools. Then how an attacker manages to implement an attack on you. Following may be the reasons, why you may become victim to his/his attack,

  1. Your Anti-Virus Sucks
  2. The attacker has created his/her own RAT client
  3. He had got a custom RAT client from RAT client vendor
  4. Applied Hex-editing on his RAT server EXE
  5. Attacker has used crypt or

As I always tell you hacking evolves by fractions of minutes to fractions of seconds, RAT clients also gets updated and hence your Anti-Virus too needs to be updated. If you don't update it means you are inviting more and more troubles than just RAT, always update your Anti-Virus programs or let its auto-update option enabled. In any other case than this if your Anti-Virus fails to detect RAT it means it is total crap UN-install it and use some another Anti-Virus program.

The second case is the attacker is master programmer and he/she has used his/her master programmer skill to develop a new custom RAT client. Since the code is new, no Anti-Virus will have its definition ultimately making it Fully UN-Detectable (FUD). It is really very hard to keep yourself safe from such kinda RAT since it is hard to detect before damage is done.

Some vendors also offer custom RAT clients for special price, again due to its code being new any Anti-Virus program will hardly have its definition and hence even this works. Next is hex-editing, it is one of the most difficult thing to do for changing signature of the RAT server(our virus) file. So far as I know it is really very difficult and attacker must be having powerful hand over understanding different number systems and machine level codes, also it is very time consuming process. If you want to know how it is done then Rahul Tyagi has offered a pro tutorial on his blog www.salienthacker.in on hex-editing.

Last is one of the most easiest methods and due to which a VIRUS code becomes Fully Undetectable. The use of crypt-or software avoids the job of recoding and hex-editing and mutates the signature of virus file in such a way that it works fine but its code generates different signature which is not anyhow matches the previous signature, thus making is undetectable.

Other factor that leads to hide RAT in your system is process space sharing. In this the RAT server file shares process space of system processes or well known process like,
explorer.exe
svchost.exe
services.exe

And the last factor that let them do their job is port number. Many RAT clients will use regularly used port numbers to establish connections like HTTP port 80, HTTP proxy port 8080, FTP port 21 and uses any kinda connection may it be TCP or UDP.

So above are some reasons why a RAT server doesn't get detected when all codes are available to Anti-Virus vendors. So the next time we meet we'll discus how you can prevent yourself from a RAT attack.

19 comments

  1. Blogger Said,

    Posted on March 31, 2018 at 7:44 AM

     
  2. Anonymous Said,

    It has been simply incredibly generous with you to provide openly what exactly many individuals would’ve marketed for an eBook to end up making some cash for their end, primarily given that you could have tried it in the event you wanted.
    Digital Marketing Training in Chennai

    Posted on August 27, 2018 at 12:37 AM

     
  3. gowsalya Said,

    I wish to show thanks to you just for bailing me out of this particular trouble.As a result of checking through the net and meeting techniques that were not productive, I thought my life was done.
    full stack developer training in chennai

    Posted on August 27, 2018 at 2:34 AM

     
  4. Mounika Said,

    After reading this web site I am very satisfied simply because this site is providing comprehensive knowledge for you to audience. Thank you to the perform as well as discuss anything incredibly important in my opinion. We loose time waiting for your next article writing in addition to I beg one to get back to pay a visit to our website in
    Click here:
    python training in velachery
    Click here:
    python training in OMR

    Posted on September 6, 2018 at 4:22 AM

     
  5. Unknown Said,

    Excellant post!!!. The strategy you have posted on this technology helped me to get into the next level and had lot of information in it.
    Blueprism training in Chennai

    Blueprism training in Bangalore

    Blueprism training in Pune

    Blueprism online training

    Posted on September 13, 2018 at 5:55 AM

     
  6. nilashri Said,

    Posted on September 14, 2018 at 6:33 AM

     
  7. Unknown Said,

    I really like the dear information you offer in your articles. I’m able to bookmark your site and show the kids check out up here generally. Im fairly positive theyre likely to be informed a great deal of new stuff here than anyone

    angularjs Training in bangalore

    angularjs Training in btm

    angularjs Training in electronic-city

    angularjs online Training

    angularjs Training in marathahalli

    Posted on October 6, 2018 at 2:15 AM

     
  8. Mounika Said,

    Good Post! Thank you so much for sharing this pretty post, it was so good to read and useful to improve my knowledge as updated one, keep blogging.
    python training in pune | python training institute in chennai | python training in Bangalore

    Posted on October 19, 2018 at 12:40 AM

     
  9. Ishu Sathya Said,

    Posted on October 29, 2018 at 10:34 PM

     
  10. priya Said,

    Its really an Excellent post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog. Thanks for sharing....

    Microsoft Azure online training
    Selenium online training
    Java online training
    Java Script online training
    Share Point online training

    Posted on March 2, 2019 at 2:50 AM

     
  11. divya Said,

    I simply wanted to write down a quick word to say thanks to you for those wonderful tips and hints you are showing on this site.keep it up.
    Ai & Artificial Intelligence Course in Chennai
    PHP Training in Chennai
    Ethical Hacking Course in Chennai Blue Prism Training in Chennai
    UiPath Training in Chennai

    Posted on June 5, 2020 at 9:03 PM

     
  12. saran Said,

    Posted on June 7, 2020 at 8:59 PM

     
  13. Spam Leads Said,

    ACTIVE & FRESH CC FULLZ WITH BALANCE

    Price $5 per each CC

    DETAILS
    =>CARD TYPE
    =>FIRST NAME & LAST NAME
    =>CC NUMBER
    =>EXPIRY DATE
    =>CVV
    =>FULL ADDRESS (ZIP CODE, CITY/TOWN, STATE)
    =>PHONE NUMBER,DOB,SSN
    =>MOTHER'S MAIDEN NAME
    =>VERIFIED BY VISA
    =>CVV2

    *Time wasters or cheap questioners please stay away
    *You can buy for your specific states too
    *Payment in advance

    Contact Us:
    -->Whatsapp > +923172721122
    -->Email > leads.sellers1212@gmail.com
    -->Telegram > @leadsupplier
    -->ICQ > 752822040

    US FRESH, TESTED & VERIFIED SSN LEADS
    $1 PER EACH

    (INFO)

    First Name | Last Name | SSN | Dob | Address | State | City | Zip | Phone Number | Account Number | Bank NAME | DL Number |

    Home Owner | IP Address | MMN | Income

    *Hope for the long term deal
    *If anyone need leads In bulk, I'll definetly negotiate

    US DUMP TRACK 1 & 2 WTIH PIN CODES ALSO AVAILABLE

    Posted on June 13, 2020 at 12:31 PM

     
  14. Jayalakshmi Said,

    Thanks for sharing such informative guide on .Net technology. This post gives me detailed information about the .net technology. I am working as trainer in leading IT training academy offering Dot Net Training in Chennai and i use your guide to educate my students.




    Dot Net Training in Chennai | Dot Net Training in anna nagar | Dot Net Training in omr | Dot Net Training in porur | Dot Net Training in tambaram | Dot Net Training in velachery

    Posted on June 22, 2020 at 8:43 AM

     
  15. If you are in need of financial Help, don't hesitate to place order for deserve Programmed card that can withdraw any amount limit you want. Deserve Card are very transparent and easy to deal with. You can Purchase Deserve card that can withdraw up to $50,000 to $100,000 limit without being detected because of the programming of the card.  I'm extremely grateful to them for being honest with their words and delivering the card to me. This is the third day of receiving the card and i have withdraw $9,500 from the Deserve Programmed Card. I tried purchasing the card previously from someone else, but it never arrived until i tried skylink technology for those in need of more money, you can also contact them. you can place order for the card Via whatsapp/telegram +1(213)785-1553  or their E-mail: skylinktechnes@yahoo.com 

    Posted on September 1, 2020 at 6:06 AM

     
  16. No Name Said,

    Selling USA FRESH SSN Leads/Fullz, along with Driving License/ID Number with good connectivity.

    **PRICE FOR ONE LEAD/FULLZ 2$**

    All SSN's are Tested & Verified. Fresh spammed data.

    **DETAILS IN LEADS/FULLZ**

    ->FULL NAME
    ->SSN
    ->DATE OF BIRTH
    ->DRIVING LICENSE NUMBER
    ->ADDRESS WITH ZIP
    ->PHONE NUMBER, EMAIL
    ->EMPLOYEE DETAILS

    ->Bulk order negotiable
    ->Minimum buy 25 to 30 leads/fullz
    ->Hope for the long term business
    ->You can asked for specific states too

    **Contact 24/7**

    Whatsapp > +923172721122

    Email > leads.sellers1212@gmail.com

    Telegram > @leadsupplier

    ICQ > 752822040

    Posted on October 9, 2020 at 7:05 PM

     
  17. No Name Said,

    Selling USA FRESH SPAMMED SSN Leads/Fullz, along with Driving License/ID Number with EXCELLENT connectivity.

    **PRICE**
    >>2$ FOR EACH LEAD/FULLZ/PROFILE
    >>5$ FOR EACH PREMIUM LEAD/FULLZ/PROFILE

    **DETAILS IN EACH LEAD/FULLZ**

    ->FULL NAME
    ->SSN
    ->DATE OF BIRTH
    ->DRIVING LICENSE NUMBER WITH EXPIRY DATE
    ->ADDRESS WITH ZIP
    ->PHONE NUMBER, EMAIL, I.P ADDRESS
    ->EMPLOYEE DETAILS
    ->REALTIONSHIP DETAILS
    ->MORTGAGE INFO
    ->BANK ACCOUNT DETAILS

    >All Leads are Tested & Verified.
    >Invalid info found, will be replaced.
    >Serious buyers will be welcome & I will give discounts for bulk orders.
    >Fresh spammed data of USA Credit Bureau
    >Good credit Scores, 700 minimum scores
    >Bulk order will be preferable
    >Minimum order 20 leads/fullz
    >Hope for the long term business
    >You can asked for samples, specific states & zips (if needed)
    >Payment mode BTC, PAYPAL & PERFECT MONEY

    Email > leads.sellers1212@gmail.com
    Telegram > @leadsupplier
    ICQ > 752822040

    ''OTHER GADGETS PROVIDING''

    >Dead Fullz
    >Carding Tutorials
    >Hacking Tutorials
    >SMTP Linux Root
    >DUMPS with pins track 1 and 2
    >Sock Tools
    >Server I.P's
    >USA emails with passwords (bulk order preferable)

    **Contact 24/7**

    Email > leads.sellers1212@gmail.com
    Telegram > @leadsupplier
    ICQ > 752822040

    Posted on January 13, 2021 at 12:28 PM

     
  18. No Name Said,

    **SELLING SSN+DOB FULLZ**

    CONTACT
    Telegram > @leadsupplier
    ICQ > 752822040
    Email > leads.sellers1212@gmail.com

    >>1$ each without DL/ID number
    >>2$ each with DL
    >>5$ each for premium (also included relative info)

    *Will reduce price if buying in bulk
    *Hope for a long term business

    FORMAT OF LEADS/FULLZ/PROS

    ->FULL NAME
    ->SSN
    ->DATE OF BIRTH
    ->DRIVING LICENSE NUMBER WITH EXPIRY DATE
    ->COMPLETE ADDRESS
    ->PHONE NUMBER, EMAIL, I.P ADDRESS
    ->EMPLOYMENT DETAILS
    ->REALTIONSHIP DETAILS
    ->MORTGAGE INFO
    ->BANK ACCOUNT DETAILS

    >Fresh Leads for tax returns & w-2 form filling
    >Payment mode BTC, ETH, LTC, PayPal, USDT & PERFECT MONEY

    ''OTHER GADGETS PROVIDING''

    >SSN+DOB Fullz
    >CC with CVV
    >Photo ID's
    >Dead Fullz
    >Spamming Tutorials
    >Carding Tutorials
    >Hacking Tutorials
    >SMTP Linux Root
    >DUMPS with pins track 1 and 2
    >Sock Tools
    >Server I.P's
    >HQ Emails with passwords

    Email > leads.sellers1212@gmail.com
    Telegram > @leadsupplier
    ICQ > 752822040

    THANK YOU

    Posted on March 26, 2021 at 7:06 PM

     
  19. Reshma Said,

    Posted on November 20, 2021 at 4:47 AM