Friday

Remote Administration Tool Tutorial - What is a RAT



A RAT is the Abbreviation/Shortcut of Remote Administration Tool. It is mostly used for malicious purposes, such as controlling PC’s, stealing victims data, deleting or editing some files. You can only infect someone by sending him the Executable file you have created with your RAT, or either use a Java drive-by to make your victim activate the virus by running a Java applet.

How do Remote Administration Tools work?


A remote administration tool has a Executable file and client technology. The Executable file runs on a controlled host computer and receives commands from the client, which is installed on other remote host. A remote administration tool works in background and will hide for users. You can monitor user’s activity, manage files, install additional software, control the entire system including any present application or hardware device, modify essential system settings, turn off or restart a computer and fun abilities such as turning on Webcams/Changing wallpapers and much more.

Remote administration tools are divided into malicious and legitimate applications. Illegal RATs, also known as remote administration trojans, are analogous to Backdoors and have very similar functionality. However, they aren't viral, do not propagate by themselves and usually do not have additional destructive functions or other dangerous payload. These Malware containing files do not work on their own and must be controlled by the client.



This is how you create your Executable file on a RAT:

  • BlackShades RAT

  • Darkcomet RAT





  • NetWire RAT





  • CyberGate RAT