Remote Administration Tool - RAT


Name: Remote Administration Tool - RAT
Aliases: Backdoor.RAT, RAT,
Ports: 1095, 1097, 1098, 1099, 2989 (UDP),
Files: Rat10.zip - 823 bytes Rat11.zip - 1.032 bytes Rat20.zip - 6,128 bytes Rat10.exe - 8,192 bytes Rat11.exe - 8,192 bytes Rat20.exe - 12,288 bytes Rat21.exe - 12,288 bytes Rat10akaremote administartion tool.exe - 8,192 bytes Setup.exe - 295,936 bytes .exe - Msgsvr16.exe - Patcher.exe - 21,504 bytes Send.tgz - 616 bytes Message.tgz - Rat.c - 9,658 bytes
Created: Nov 1999
Requires:
Actions: Remote Access / AOL trojan
Registers: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ RunServices\and some 38 other entries !!!
Notes: Works on Windows 95, 98 and ME. Also works on Unix (Linux and FreeBSD). RAT server 1.1 has IRC support added. Send.tgz is Unix client.
Country: written in Russia
Program: Written in Visual Basic 5.0.

© Copyright von Braun Consultants. This information may include technical inaccuracies or typographical errors. If you have any questions or further information about the actual trojan above, please contact Joakim von Braun at <joakim.von.braun@risab.se>