What RAT features do you actually use/need?
by b0mb3r - Tuesday April 1, 2025 at 08:10 AM
#1
I was playing around with XWorm RAT lately in my test-env and I was pretty stunned about how many features XWorm has. So my question to you is:

- What features do you actually use?
- What features do you wish RATs had?
#2
(Apr 01, 2025, 08:10 AM) b0mb3r Wrote: I was playing around with XWorm RAT lately in my test-env and I was pretty stunned about how many features XWorm has. So my question to you is:

- What features do you actually use?
- What features do you wish RATs had?

What features are necessary? Well the connection obviously LOL. Kind of a vague question, anything else is just so it sells better or is easier to use or such.
Thank you for ranks @ Al-Sheikh and @ 5150 !
#3
(Apr 01, 2025, 08:35 AM) 302 Wrote:
(Apr 01, 2025, 08:10 AM) b0mb3r Wrote: I was playing around with XWorm RAT lately in my test-env and I was pretty stunned about how many features XWorm has. So my question to you is:

- What features do you actually use?
- What features do you wish RATs had?

What features are necessary? Well the connection obviously LOL. Kind of a vague question, anything else is just so it sells better or is easier to use or such.

Yeah, should've mentioned "Apart from the obvious" lmao.
#4
(Apr 01, 2025, 08:10 AM) b0mb3r Wrote: I was playing around with XWorm RAT lately in my test-env and I was pretty stunned about how many features XWorm has. So my question to you is:

- What features do you actually use?
- What features do you wish RATs had?

I think XWorm does have all that you need.
Basically, from a RAT I expect:
- Persistency
- Anti-virus escaping
- Remote command execution
- Admin mode/UAC disable
- Escape plan

Maybe the only thing XWorm lacks is the escape plan.

BTW, how did you manage to get the source code? I have it too, but I struggled A LOT to find it, and then I did on a Discord channel.
Apart from that, I also found a built version on GitHub.
I tested the builder in a VM, noticing what the process did, whether it could harm my VM, whether it spawned network connections to a foreign server, and stuff like that, and everything was looking fine.
Then I reverse engineered the .exe builder file using dnSpy and I was pretty amazed:
No code obfuscation, no strange strings, no registry keys created. I took a look at the DLLs it loads too and they look clean.
I could confirm that was just the builder. Then I did an analysis on the client it generated (the payload) and it was soon clear what it did (nasty things like connecting to the server, and it referenced a lot of Windows types that malware needs).
Curious to know where you got the source code. If you don't wanna tell me here, you can just DM me. :)
#5
All you need is shell access; anything beyond that is made solely for script kiddies and non-tech people.

