First of all, there is no such thing as a “RAT Crypter”. A RAT crypter is just a general way of referring to a crypter that is compatible with a particular RAT. Another popular, more specific way of referring to a RAT crypter is to use the name of the RAT, such as “Darkcomet Crypter”, “Netwire Crypter”, or “JRat Crypter”. You get the point. Keep in mind, though, that there is no actual official “Darkcomet” or “JRat” crypter. There are just crypters that are compatible with those RATs, and some crypters can crypt more RATs than others.
So let's get straight to the point: you're looking for a crypter that can FUD your RAT, right? If yes, then read on. (Assuming your interest is for InfoSec purposes.)
You probably know what a RAT is by now and probably already have one, but you are not entirely sure which crypter would be compatible with it. To answer that question, you should first understand what a RAT actually is, including the specific types of RAT. Once you understand that, you will understand how to find a suitable crypter for it. In this article I will briefly tell you what you need to understand about RATs in order to find a compatible crypter.
In general, most people understand that a RAT (which stands for Remote Administration Tool or Remote Access Trojan) is basically software which allows someone to remotely control a system as if said person has physical access to that system.
Side Note: You might be wondering how to differentiate between a remote administration tool and a remote access trojan. It is believed that, unlike remote administration tools, remote access trojans have invisible installations and are therefore considered malicious.
- Darkcomet RAT
- Netwire RAT
- Cybergate RAT
- Cerberus RAT
- Blackshades RAT
- Meterpreter RAT
What most people don’t know is that there are different types of RATs, often categorized by the language they were created in and sometimes by feature set.
Popular Types of RATs
- .NET RAT (Blackshades)
- VB6 RAT (Blackshades)
- C++/ASM RAT
- Delphi RAT (Darkcomet)
- Java RAT (Jrat)
Some Types of RATs By Features
- Multi-platform RATs
- PC RAT
- Mac RAT
- Bind TCP RATs
- Reverse TCP RATs
- EOF RATs
How To Find a Compatible Crypter For a RAT
Now let’s ask ourselves, what makes a crypter compatible with a RAT? This question comes down to three things.
- Is the language of the RAT supported by the crypter?
  - Check whether the crypter supports the language of the RAT. For example, if the crypter is created in Java, its purpose is likely to crypt .jar files. Another case to check is a crypter written in C++ and a RAT written in .NET. (Note: most C++ crypters can crypt all RAT languages.)
- Does the RAT use EOF data?
  - This is a relatively common scenario: some RATs use EOF data. If that is the case, the crypter must take this into account, otherwise the crypted result may be corrupted.
- Does the RAT have modified PE data?
  - Sometimes a RAT may simply be uncryptable, especially if it already contains modified PE data.
- Is the RAT already encrypted?
  - This is similar to the scenario where the PE data is modified. Often, if the RAT is already crypted, you cannot crypt it again using a crypter.
- Is the RAT in Unicode?
  - If the RAT is set in Unicode and uses a different language, the crypter must also support Unicode.
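Seen from the analysis side, the "EOF data" and "already encrypted" cases in the list above leave measurable traces in a sample: bytes past the end of the last section (what PE tools call an overlay) and near-random entropy. The triage script below is an added example, not part of the original article; it uses only the Python standard library, the names `entropy`, `triage` and `build_sample` are hypothetical, and the sample PE skeleton is constructed inline.

```python
import math
import struct
from collections import Counter

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not buf:
        return 0.0
    n = len(buf)
    return sum(c / n * math.log2(n / c) for c in Counter(buf).values())

def triage(data: bytes) -> dict:
    """Report raw section entropy and any overlay (bytes past the last section)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (nsec,) = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    (optsz,) = struct.unpack_from("<H", data, pe + 20)      # SizeOfOptionalHeader
    table = pe + 24 + optsz                                 # first section header
    if table + 40 * nsec > len(data):
        raise ValueError("truncated section table")
    sections, end = [], table + 40 * nsec
    for i in range(nsec):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        # SizeOfRawData, PointerToRawData
        size, ptr = struct.unpack_from("<II", data, hdr + 16)
        sections.append((name, round(entropy(data[ptr:ptr + size]), 2)))
        if size:
            end = max(end, ptr + size)
    end = min(end, len(data))
    # An Authenticode signature also sits past the last section, so a signed
    # file reports an overlay too; check the security directory separately.
    return {"sections": sections, "overlay_offset": end,
            "overlay_size": len(data) - end,
            "overlay_entropy": round(entropy(data[end:]), 2)}

def build_sample(overlay: bytes) -> bytes:
    """Constructed, non-runnable PE skeleton: headers plus one 512-byte section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    return (dos + coff + sect).ljust(0x200, b"\0") + bytes(0x200) + overlay

if __name__ == "__main__":
    print(triage(build_sample(bytes(range(256)))))
```

An overlay with entropy close to 8.0, or sections whose raw data is near-random, is a common reason to route a sample to unpacking or sandbox analysis rather than relying on static signatures.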
The compatibility issues mentioned above may seem like a great many, but fortunately most of them do not occur at all when using the most popular RATs mentioned in the article above with a popular crypter such as CypherX.
If you are using a different RAT that is not mentioned in the above list, you can search Google with the keywords mentioned above, or check whether the crypter's features include keywords such as “unicode support” and “EOF support”.
One thing to keep in mind is that most crypters only crypt .exe files that run on PC. I do not currently know of any crypter that can crypt .jar files or .dmg files for Mac.
Note: JRat is an example of a multiplatform RAT which can produce .exe server files or .jar server files.