Skip to content

ElliotAlderson51/Fsociety-RAT

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits

DLL - Bypass UAC

DLL - Bypass UAC

 
 

Images

Images

 
 

Kernel Rootkit

Kernel Rootkit

 
 

RAT

RAT

 
 

Sub Projects

Sub Projects

 
 

Websites

Websites

 
 

section_injector

section_injector

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

Fsociety-RAT

It was really fun to make this project! This project have a lot of great features and a very good website control for the bots.

The final Malware will bypassing UAC, installing rootkit on 32 bit systems, obfuscated strings, Anti-VM technique, Process Hollowing , Communicate with the website control using CURL (curl is preinstalled in every windows!).

RAT

Malware Persistence Techniques

✔️ The malware hiding a DLL to bypass UAC and a Rootkit in new sections.
✔️ Bypassing UAC using UAC hijacking on the program ComputerDefaults.exe in a "Windows " folder.
✔️ Create a task for the malware in Task Schduler in the path "Microsoft\Windows\Security" with high privileges.
✔️ If the system is 32-bit install and start the rootkit.
✔️ If the system is 64-bit the malware will start Process Hollowing

Malware Attacks

The malware communicate with a control website, this is the current attacks:

✔️ Screenshot
✔️ Task Scheduler
✔️ Remote Shell
✔️ File Manager
✔️ File Explorer
✔️ Keylogger
✔️ Client Info

Website Control Images

Main website control - list the clients and show info about them

plot

Victim profile page

plot

Rootkit

The Rootkit is for 32-bit systems. https://github.com/ElliotAlderson51/Kernel-Rootkit-32Bit

What the Rootkit can do?

Hook the SSDT

✔️ Protect Files (Read\Write\Create\Delete\Rename\Open\Execute)
✔️ Hide Process
✔️ Protect Process, Thread
✔️ Protect Registry Keys (Open\Create\Delete\Set)
✔️ Bypass privilege checks

DLL - Bypass UAC

Create a DLL that will be hijacked to ComputerDefaults to start the malware with high privilege.
https://github.com/ElliotAlderson51/Bypass-UAC

section_injector

This Projects will inject a file to new section in another file.

Injector.exe "section name" "target" "file"

Websites

Fsociety Control Website

This is the Control Website the malware is communicate with to get the commands to execute.

Fsociety Redirect Website

This website have hardcoded url in the malware code, the malware will get the Control Website url from this website.
I create this website so if there is a problem with the Control Website you can just upload the Control Website again and change the url in this website.

Sub Projects

This solutions was helping me to build the final malware

Initialize RAT

This automated the build of the final malware.

✔️ UPX the DLL file
✔️ Inject the DLL and the Rootkit to new sections.

Encoding_Decoding

This helps me to obfuscate the strings in the malware.

TODO

  • Obfuscate Imports

This project is for EDUCATIONAL PURPOSES ONLY. You are the only responsable for your actions! Happy Hacking (;

About

Fsociety RAT, The Open Source C++ Remote Administration Tool (RAT)

Topics

backdoor cpp malware trojan rat keylogger malware-development rat-malware elliotalderson51 elliot-alderson malware-rat fosciety fsociety-rat elliotalderson fosociety-malware website-control malware-design

Resources

Readme

License

MIT license
Activity

Stars

29 stars

Watchers

3 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages