{"id":18062974,"url":"https://github.com/schwartzblat/alonrat","last_synced_at":"2025-04-11T15:13:38.175Z","repository":{"id":232274863,"uuid":"783022382","full_name":"Schwartzblat/AlonRAT","owner":"Schwartzblat","description":null,"archived":false,"fork":false,"pushed_at":"2024-06-02T20:49:37.000Z","size":73,"stargazers_count":7,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-25T11:21:49.893Z","etag":null,"topics":["cpp","malware","obfuscation","rat","windows","x64"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Schwartzblat.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-06T18:10:52.000Z","updated_at":"2024-09-15T21:08:29.000Z","dependencies_parsed_at":"2024-06-02T22:09:16.056Z","dependency_job_id":"99bbffe9-0100-4915-a05c-546603936c7b","html_url":"https://github.com/Schwartzblat/AlonRAT","commit_stats":null,"previous_names":["schwartzblat/alonrat"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Schwartzblat%2FAlonRAT","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Schwartzblat%2FAlonRAT/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Schwartzblat%2FAlonRAT/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Schwartzblat%2FAlonRAT/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Schwartzblat"
,"download_url":"https://codeload.github.com/Schwartzblat/AlonRAT/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248429117,"owners_count":21101785,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cpp","malware","obfuscation","rat","windows","x64"],"created_at":"2024-10-31T05:09:01.694Z","updated_at":"2025-04-11T15:13:38.154Z","avatar_url":"https://github.com/Schwartzblat.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"## My personal RAT (Remote Administration Tool) project\n\n### Currently under development.\nI know that a lot of my code right now is bad but I will improve it later.\n\n#### The current architecture is:\n1. \"Innocent\" service that serves as a stupid injector (currently using basic dll injection because it doesn't really matter, every normal injection method is already known by AntiViruses).\n2. The service injects the AlonRAT dll into a system process like `svchost.exe` or `winlogon.exe`, I haven't decided yet.\n3. The tool queries the c\u0026c server in intervals.\n4. Both PEs are hardly obfuscated by string obfuscator and winapi obfuscator (using the peb and dynamic loading).\n5. The tool creates a mutex and the injector is checking that the tool is still alive in intervals, if not it will inject a new one.\n6. The tool is monitoring for tools like Wireshark and stops the connection immediately once detected.\n\n\n\n## Current features:\n1. Run command as system.\n2. 
Run command as user using token impersonation.\n\n## Some cool ideas I will probably implement:\n1. Encryption of the on-disk dll.\n2. Encrypt the code that accesses the peb.\n3. Inject to more processes to make some backups if one of the threads crashes.\n4. Anti debugging.\n5. Anti VirusTotal (sleeps, get a key from the server to enter a suspicious flow).\n6. Automatic backdoors insertion.\n7. Encrypted communication with an AES key.\n\n\n## Contribution\n\nI am making this tool as a personal project so I will develop it on my own.\nIf you have a cool idea for a feature or suggestions for improvements, you can open an issue and if it's cool I will do it.\n\n\n## Purpose\nBla bla bla this repo is for educational purposes only, don't do shitty things with it.\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fschwartzblat%2Falonrat","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fschwartzblat%2Falonrat","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fschwartzblat%2Falonrat/lists"}