LarryLurexRAT

Over the last few years I have regularly been evading heuristic engines and EDR systems, and have found myself needing to develop my own malware to evade this type of detection, which is normally based on behavior. This project is a version of the well-known DarkComet Trojan, modified through reverse engineering. Its functionality is the same as the original, and its signature-level antivirus detections should be similar. However, the following changes have been made to its behavior so that it is the closest thing to completely new software in the eyes of an antivirus. These are the main changes that this version brings:

  • File/extension/folder name of the keylogger log system
  • Name for the registry keys created by the software
  • Message at the beginning of TCP communications
  • Communication encryption key
  • Server version number
  • Description of the server file
  • Installation path and binary name
  • Slight redesign of the interface style
  • Mutex randomness pattern
  • Server identification
  • Default port for connections
  • GeoIP.dat and UPX files
  • Fixed a bug that blocked the execution in the latest versions of Windows 10
  • The RC4 algorithm has been modified (v0.3); you will now have to reverse the sample to identify the changes in the algorithm.
  • server.exe retries the connection in a loop whenever the client is not running. Added for Windows 10/11 operating systems (v0.4).
  • Easter eggs… };)

Clarifications

  • The servers generated by LarryLurexRAT are not functional with DarkComet.
  • The servers generated by LarryLurexRAT v0.1 and v0.2 do not work with LarryLurexRAT v0.3.
  • The version of DarkComet RAT chosen for this project has been 5.2.
  • Thanks to DarkCoderSc (Jean-Pierre LESUEUR) for his magnificent work.
  • This application is designed exclusively for educational purposes, and I am not responsible for any misuse that other people may make of the LarryLurexRAT software or the information set forth herein.

FULL COMPATIBILITY WITH WINDOWS 10/11


16/01/2023
Pass: 4n0nym0us

14/01/2023
Pass: 4n0nym0us

23/12/2021
Pass: 4n0nym0us

1 comment:

  1. Looks good, thanks. It would be nice if the builder had a USB spreader or some other type of spreader.
