During the last years I have been performing evasion of heuristic engines and EDR systems on a regular basis, finding myself with the need to have to develop my own malware to evade this type of detections normally based on behavior. This project is a version modified by reversing of the well-known Trojan DarkComet, its functionalities are the same as the original, as well as its signature-level antivirus detections must be similar. However, the following changes have been made to its behavior, to be the closest thing to completely new software in the eyes of an antivirus. These are the main changes that this version brings:

  • File/extension/folder name of the keylogger log system
  • Name for the registry keys created by the software
  • Message at the beginning of TCP communications
  • Communication encryption key
  • Server version number
  • Description of the server file
  • Installation path and binary name
  • Slight redesign of the interface style
  • Mutex randomness pattern
  • Server identification
  • Default port for connections
  • GeoIP.dat and UPX files
  • Fixed a bug that blocked the execution in the latest versions of Windows 10
  • Easter eggs… };)


  • The servers generated by LarryLurexRAT are not functional with DarkComet.
  • The version of DarkComet RAT chosen for this project has been 5.2.
  • Thanks to DarkCoderSc (Jean-Pierre LESUEUR) for his magnificent work.
  • This application is designed exclusively for educational purposes and I am not responsible for the misuse that other people may give LarryLurexRAT software or the information set forth herein.

Pass: 4n0nym0us

1 comentario:

  1. tiene buena pinta gracias , estaria bueno que tubiera usb spreader o algún otro tipo de spreader el builder