
Funshine's Tail of a RAT Ch.4 RATS
Chapter 4: RATs
I'm not going to go into every RAT or piece of malware available out there but I will instead focus on the ones that are listed in The Armory and currently trending around the globe. By doing so you'll get a review on some of the pieces of malware along with some reading material on the technicalities of each tool so you can feel confident in purchasing the right product for your own cybercriminal empire.

Everything is tested regularly at HackTown by myself and some other individuals I've recruited for the process. I want to thank them for testing the products and providing me with a different insight into them. Without them it would've been a much slower process so thanks again! You know who you are!


Each tool will be referenced as follows:
Economic value:
Is the product worth the money.

User friendliness:
How easy is the product to use.

Functionality:
Does the product function as advertised.

Support:
Dealing with the malware developer and general support.

Overall:
Overall rating of the product.




Let's take a look at some of the malware available at The Armory within HackTown.

[*]Remcos
[*]Venom
[*]Warzone
[*]Raccoon Stealer
[*]SpyNote - Mobile Android RAT
[*]Secure Data Protector - Ransomware (No longer - Malware developer arrested 2022)





Remcos
http://breakingsecurity.net

You can check out the features of Remcos on their website by visiting the link above.

Economic value: 9/10
User friendliness: 8/10
Functionality: 9.5/10
Support: 9/10
Overall: 9.5/10



The problem we consistently encountered while testing this RAT was that the UAC bypass isn't the greatest and is pretty much unreliable. We kept frequently getting an error when attempting the UAC bypass as seen in the screenshot below.


Other than that, Remcos is an excellent RAT of choice for most cybercriminals and hackers alike. It comes with many useful features and is very easy to use, and if you've used ANY RAT in the past you'll feel right at home with this product.

Once you've purchased the RAT you'll be given access to the Graphical User Interface (GUI) where you can set it up to your liking with keylogger, file name, etc.

The purchasing process for Remcos RAT is an easy process. To make the purchase head over to their website and follow the directions to make the purchase by sending the BTC and accessing the Client Area section after payment to download your personal license for the product.





Once you've made the purchase and downloaded your files you'll need to activate the product using your license. It's easy. Run the application called "KeyGen.exe", enter your email in the "registration email" box and then click on "Generate key". If no error messages pop up then proceed to activate the licence by clicking on "Activate key". Enter your email again then select "OK". If everything is good you will be presented with the terms of use.






Once it's activated go ahead and click on the Remcos file to be presented with the main window as seen in the screenshot below.



We need to create the file to deliver to infect our victims so click on the "Agent Builder" tab. The first section called "Connection" is where we enter the IP of the computer where you have Remcos installed on. If you're running Remcos on a Windows RDP make sure you're putting the IP of that Windows RDP computer while creating the builder so your victims connect back properly. Since this is for testing purposes the IP is set to the localhost (127.0.0.1) and port 2404.



Next we click on "Installation" to edit where the file should exist on the victim computer, its filename, and some other options.



The section after that called "Stealth" is where some options exist to have Remcos inject into a different process to help remain hidden. It's a good idea to have it inject into known processes but to be honest the targets you should be going after won't know what to look for either way.



The Keylogger option is good if you're needing to record keystrokes and I recommend you do this every time if possible. My reasoning behind this is you'll be able to capture everything your victim types on their keyboard which may lead to you coming across something useful your target is typing such as messages, other account information, etc.

One thing to note here is to select the "Clear cookies and stored logins" so your victim has to re-enter their passwords to their accounts when accessing them via a web browser. This is why you should always enable a keylogger and wipe their cookies. Since Remcos has this built in this is great but there are manual commands you can enter on a compromised host if you have shell access too.



The "Surveillance" section is good for taking screenshots, recording audio, and monitoring your target's screen.



Once you have edited the settings you want to include into your Remcos build click on the "Build" section and create your Remcos RAT file that you'll need to deliver to your victims. As you can see in the screenshot below you can make a Remcos RAT an executable (.exe) or a .dll file.



Once you're ready click on "Build Agent" and Remcos will compile itself using the options you've specified and you'll be presented with the screenshot below.





Once you have infected someone you will get a connection back under the "Connections" tab as seen in the screenshot below.



Right clicking on a victim will bring up many options to interact with their computer.









Venom
https://venomcontrol.com

To purchase the Venom RAT use the Autoshop function on their website or contact the malware developer directly through Telegram. It's highly advisable to purchase the hidden VNC (HVNC) option so you're able to control your victims better remotely by using their own screens. A bit more expensive but very much worth it for our cybercriminal operations. The cost of doing business, yes?

Economic value: 7/10
User friendliness: 9/10
Functionality: 8/10
Support: 9/10
Overall: 9/10


Once you've made the purchase and received your files launch Venom.exe to be presented with the screen below.



Once you've entered your license and picked which Port to have Venom listening on for your victims to connect back you'll be presented with the main screen as seen in the screenshot below.



To build the file you need to send to your victims right click anywhere and select "Building Server". Go through the motions of which options you want to include and click "Build".



When your victim executes the file you'll get a connection back to your server where you can right click on the victim listed to see the options available to you.



As stated it's best to purchase the HVNC model of Venom to fully maximize your options when dealing with your infected targets. If you've purchased the HVNC option the GUI looks a little different but the overall RAT functions the same.



When you right click on your victim select the "HVNC" option and click on "Venom HVNC". After that you'll be presented with a new GUI, right click anywhere, and select "Builder". Go through the settings properly and click on "Build HVNC". Once you've done that you can now right click on your victim and select "Move to HVNC". Select the file you just created and then you should see your victim in the HVNC GUI window. Right click on them and select "Venom HVNC".






Warzone RAT - Poison
https://warzone.pw/poison.html

Economic value: 7/10
User friendliness: 7/10
Functionality: 7/10
Support: 9.5/10
Overall: 7.5/10


One of the negatives about this RAT is that the HVNC can be unreliable and didn't always work as expected compared to the Venom HVNC.

Purchasing Warzone is straightforward. To do so head over to their website, make the purchase, and download the files. Once you execute Warzone for the first time it'll give you your Hardware ID which you need to copy and enter into your client on the Warzone website as seen in the screenshots below.




Like every RAT builder out there once you launch Warzone you want to build the file you need to send to your victims. Launch Warzone and click on "Client Builder".



After building your Warzone file to send to your victims you need to make sure your Warzone is listening for connect backs by clicking "Server Settings" and start listening for victims by selecting "Listening On/Off" and then "Apply Changes". You must obviously use the same port you selected in the Agent building process so everything matches up.

Once your victim has executed the file you'll see them in your dashboard to interact with as you see fit.





Raccoon Stealer
Update:
The malware seller has been arrested and this product is no longer available. This will stay here for information only.


Economic value: 8/10
User friendliness: 9/10
Functionality: 9/10
Support: 9.5/10
Overall: 9/10


Raccoon Stealer was an excellent product that will steal all online and saved account information from your victim's computer. What's great about this product is that it comes with a built-in crypter designed strictly for the Raccoon Stealer.

You access everything through your web browser to build and manage your victims remotely.




The FAQ comes with a lot of information and you should read all of it before you use this tool in the wild.

Clicking on "Builds" and creating a new file for your victims to execute is easy and straightforward.




Creating a crypted file is as easy as clicking on the "Crypt" button.



Their crypt option at the time of this writing bypassed 99% of the AV products currently out there during testing.



It should be noted that you should crypt each build every time to ensure your file is FUD as this product, like every malware product, is not FUD out of the box.

All the captured logs, passwords, and cookies from your victims are stored under the "Logs" tab.



SpyNote Android RAT
https://spynote.us

SpyNote is a great mobile RAT for Android mobile phones. This product is a little out of scope for HackTown but I know some members are looking for such products so we were able to test and use this one with ease.

Economic Value: 9.5/10
User friendliness: 9/10
Functionality: 9.5/10
Support: 9.5/10
Overall: 9.5/10


Purchasing the product is straightforward. Make the purchase from the website listed above, download your files, run the program, and forward your license ID to support to activate the product.

Everything is pretty much the same once you launch the application. You'll need to build the .apk and add the settings you want for the final file. Below are some screenshots of the product in action.



This piece of mobile malware has more features that should be considered when making the purchase of this product. This includes a more advanced version which can be uploaded to the PlayStore, has HVNC functionalities, and bypasses the "Allow this app..." prompts and other warnings some targets may be presented with.

In short: always purchase the best version of the product you're after!



Secure Data Protector (SDP)
Updated - Malware developer arrested. Product no longer available. I'm going to leave this here to demonstrate the importance of purchasing the right product when it is available and not letting time pass you the fuck by. Don't let time pass you by any longer; move on your plans sooner rather than later!

Economic Value: 7/10
User friendliness: 4/10
Functionality: 9/10
Support: 10/10
Overall: 8/10



Secure Data Protector (SDP) is an excellent piece of ransomware developed by a developer who was active at HackTown, CryptBB, and elsewhere. This product is very fast, reliable, and comes with a lot of different tools for Active Directory (AD) exploitation and lateral movement across the network to other computers.


IMPORTANT



This product is not for newbies and the malware developer expects you to review the material that you are provided to understand how to use this tool to its full potential. This piece of ransomware is very customizable and is for ADVANCED USERS only. This ransomware is not plug and play right out of the gate and requires extensive setup before you're able to deploy it.



Ransomware is better deployed post exploitation meaning you have already compromised the target with a RAT, disabled as many WD settings as possible, gained administrator privileges, etc.

Secure Data Protector is not always FUD and it's highly recommended by the malware developer to purchase a crypter for it. If you're operating at the professional hacker level and you're aiming to compromise businesses from small to large then this is the product you're looking for.

A quick tutorial to get this product running:

[*]Disable Windows Defender
[*]Download Smart assembly (you will be provided with a link for it.)
[*]Download the crack
[*]Install Smart Assembly
[*]Run the keygen and select the correct product (in the crack folder.)
[*]Disable Smart Assembly's Internet access in Windows 10 Firewall settings
[*]Open Smart Assembly and click "Activate"
[*]Save the activation.txt file
[*]Open the keygen and load activation.txt
[*]Save the resulting activation file
[*]In Smart Assembly load the activation file
[*]The Software should be activated
[*]Verify that everything went well by clicking on "Deactivate serial number" (don't click on "Deactivate")
[*]Download all the tools that you're provided with
[*]Run Builder.exe and send the HWID to the malware developer
[*]You will be provided with some files to put into the RaaS folder and run the builder again
[*]New files will be given to you to put those to the builder folder as well
[*]Run builder.exe again


Once everything is set up properly you can run the builder to create the ransomware file needed to send to your victims.







You should have an understanding of what type of malware is available to you today and what tools you need for your operations. Make sure you have everything set up before making a malware purchase and when you're ready buy the right product for your needs and use it right away on your targets. Make haste.