Disguise a RAT

rat
#1

Hello everyone,

I’m new to scam baiting and it is very entertaining to watch on YouTube, so I really want to try it out myself. I love the ratting videos and that’s also the reason why I’m posting. The RAT tools that are being used on YouTube are very popular and widespread. Even Windows Defender sees them as a virus. How do you disguise/make it invisible for the antivirus of the scammer’s PC? Otherwise the antivirus will trigger immediately and the fun will be over… I’m also not sure what ratting software is the best, I now downloaded and compiled Quasarrat and it seems to be working flawlessly (if you disable Windows Defender). I probably need to edit something in the client file but I can’t find what I would need to change.

Kind regards,
Daan

#2

Most builders will disguise your RAT by default to a certain extent. It depends on how much you add to your RAT, such as BSOD anti-tampering protection, etc etc. I would use WinRAR in certain cases to ZIP the malicious files and encrypt them with a password so the AV cannot delete it before it runs.

#3

You cannot simply stop an AV from detecting your RAT. Not unless you know how to code, or are willing to pay for an encryption. Compressing a file won’t make a difference either, as soon as the file is unzipped it’ll get deleted. You’ll have to manually turn off the AV by connecting to their computer via some means, or getting them to run it for you (social engineering).

#4

I know how to code, I’ve made multiple Android apps in Java and used Python for RPI and a C++ variant for Arduino in my thesis. The problem is that I’m new to viruses and computer security. I really want to learn but I’m not sure what to change for the AV not to detect it. I’ll try to edit the open source Quasarrat and let you guys know how it turned out. If someone has more experience with viruses etc, let me know, any help is highly appreciated.

#5

My suggestion is to look at what you want to accomplish and find a language that allows you to do that as simply as possible. C/C++, Java, or Python is not necessarily the right choice. After you make that choice… well it’s simply a classic host/client application. There are literally a ton of white papers on the topic in pretty much any language so have at them.

#6

I started out with C# a long time ago but I was fascinated by Android so I switched to Java. It was a lot easier to switch than I expected. Java and C# have a lot in common (in big lines). I have time next week so I’m going to try some things out. I’ll let you guys know how it turned out.

#7

I assume you are using this solely for scammers and I would hope so but I explained what you would need for that in this post here: New to this, have some questions

#8

Yes, I’m only going to use this to troll scammers. I don’t really see the point in infecting innocent people with this rat because that’s just not funny. The fun part is when you can destroy a scammer’s pc, so at least they can’t scam anymore in a short period of time.

#9

Your assumption is correct. I don’t like scammers, they call me multiple times per day with fake student loan offers, every time I answer, I get connected to someone with an American name with a foreign Indian sounding accent. I understand that there are plenty of Indian Americans here in the states, but what are the chances that I would get a person with that accent every single time I answer and connect if this so-called student loan provider was based in the US? Besides, my entire college tenure has been covered by grants and scholarships and the FAFSA has dedicated funds for loans already if needed.

#10

How to disguise a rat:

#11

Hello. The fun begins when you use a Mac OS Virtual Machine. First, if you put a RAT in plain sight with the name ‘card details’, the OS won’t give a hissy fit about it being a virus, because this is a Windows platform RAT. So it is safe to say you can use that as an alternative.

#12

Hi Daan
I am also a bit new to this, however as I can understand you can pad it with useless code in the front and back and also ambuscade the code by giving the variables random names that match but do not make much sense to someone or something trying to reverse engineer the code. Let me send you a link to a talented guy who does reverse engineering for a big company.

His vids are very educational!

Best

J

#13

Try Python reverse engineering. It would be safer than downloading a program. I’m a stickler against downloading RATs as someone who used to write malicious code and RATs. If you can find some code and compile it yourself it would be much safer than downloading a RAT offline and then literally giving it full access through your firewall. Just the pen-tester in me lol

closed #14