Post: Checking for Remote Access Trojans (RATs)
12-02-2015, 02:20 PM #1
Adrian
Adrian is back!
Hello, I have seen that there have been loads of reports of RATs found in the Black Ops 3 Modding Tools section. This is the time to learn how to check applications for RATs. If you are one of those people who do not know how, I suggest you read the whole thread to learn; this thread is a full tutorial on how I check applications and how I recommend you guys should.

What is a RAT? For the people who do not know.
The term "RAT" is new, however. Trojans are programs that run in the background and give unauthorized access to your computer. It is up to the person who has ratted you what to do with your computer, but they have several options once you accidentally install a RAT on your system. RATs are usually executable files you download from the internet. It could be masked as another program, or a malicious coder could add one to an application which seems normal.

So without further ado, let's get straight into this tutorial.


I do all of these steps, so I recommend that you do the same. Not all steps are required; it's just the way I do it to make sure.

Opening an application in Sandboxie.
The first thing people should be doing is opening the exe you are checking in Sandboxie. If the application opens, there is a possibility that there is no RAT. But not 100%; there is still a slight possibility that there is a RAT, as I said before a malicious coder could add one to an application which seems completely normal.

1. Download Sandboxie if you do not have it already. I recommend downloading it from the site linked in the original post. Just click Download from this site when on the page. You will be downloading a setup, so go through the setup; it is easy to do.

2. It is pretty easy to open an application in Sandboxie. Just right-click on the exe and click Run Sandboxed. Make sure Default Box is highlighted on the popup, then click OK. You will need to make sure you have all the DLLs in the same location as the exe to run the application. If the application opens, there is still a possibility that there is a RAT, so don't close the application straight away. If the application does not open and just crashes Sandboxie, skip to the next part; if not, keep reading the next step.

3. If the application opens, we will need to check our processes using Task Manager. Open Task Manager and click on the Performance tab, where we can click Open Resource Monitor at the bottom of Task Manager. This is where we can see all of the hidden processes along with all of the ones that will normally show. In the screenshot (not reproduced here), the red square shows the application I have opened with Sandboxie, which is an application I have made myself.

This could be different on other versions of Windows. This is on Windows 10; I am sure you will find the same way on other versions. Next to where the application shows in Task Manager you can normally see the RATs. They all have different names, but they will all stand out, like Anonymous Login or Remote Access Login. If that shows, you can pretty much stop there; it shows that there is a RAT with the application. If nothing shows, we will go to the next part for checking for a RAT.



Opening an application using a virtual private server and/or a virtual machine.
VPS

If you don't know what a VPS is, it stands for virtual private server and is basically a virtual machine sold as a service by an Internet hosting service. It basically just runs its own copy of an operating system.

I know that you guys may not be able to buy this, but I recommend it 100%; it always helps when checking for remote logins and is very cheap. Some VPSs are different when setting up; you can just search for them on the internet and use Windows Remote Desktop Connection to connect to your server.

If you guys have one and/or decided to get one, just open the exe on the server and check your processes using Task Manager the same way we did in step 1. Just open Task Manager, then click the Performance tab, then right down the bottom you will see Open Resource Monitor; click on that and there is where you can see all processes along with all the hidden ones. In the screenshot (not reproduced here), the red square shows the application I have opened with Sandboxie, which is an application I have made myself.

VM
You can also use a Virtual Machine (VM), which is free; you will just need to do a simple download from the link in the original post.

A VM is an emulation of a particular computer system. Virtual machines operate based on the computer architecture and functions of a real or hypothetical computer, and their implementations may involve specialized hardware, software, or a combination of both. VM and VPS are almost the same.

1. When done with the setup you will have an Oracle VM VirtualBox shortcut on your desktop; open it.
2. Click New at the top. Name it whatever you want. Select your type; I recommend using the same software you are on, so I would choose Microsoft Windows. Choose the operating system you wish to install; I will install Windows 8.1 for the time being. Click Next.
3. Select the memory your machine is going to have. This depends on how much memory you need. I recommend using about 1/4 - 1/2 of your current system. I am going to set it as 3096 for the time being. Keep in mind that if this is too high it may cause issues on your host machine. Click Next.
4. Now it's time to create the virtual hard disk. Select the Create a virtual hard disk now radio button. Go ahead and select Virtual Disk Image (VDI). Click Next.
5. You need to choose Dynamically allocated; it is better to use. Fixed size is not recommended. Click Next.
6. Put 20 GB for the size and click Create. And there we go, we now have our very own virtual machine.
7. There are a couple of things I highly recommend doing. Click Settings at the top of VirtualBox. Click the Advanced tab on the settings popup. Set both Shared Clipboard and Drag'n'Drop to Host To Guest and click OK. This allows us to copy files over to the virtual machine.
8. Then you will need to install an operating system, just like on your computer, and you're good to go.



Well that is going to bring this tutorial to an end. I really hope this thread will help you guys out a lot. If I made some sort of mistake somewhere let me know.

Thank you.

02-03-2016, 03:04 PM #11
motoX
Bounty hunter
This is useful to see what your PC is connecting to, in real time, or your whole network in general. All those "legit tools" sure aren't very legit.
Task Manager only tells you part of the story.
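The check the tutorial does by hand in Resource Monitor (look for processes that appear after launching the exe) plus the point made in the reply above (what the machine starts connecting to, which Task Manager does not show) can be done in one script. The following is an added example, not code from the original post or any reply; it is meant to be run inside the throwaway Sandboxie, VM or VPS environment, never on the machine you care about. `$SamplePath`, `$WaitSeconds` and the wait-then-diff approach are assumptions of this example.

```powershell
# Added example, not part of the original post or any reply. Run INSIDE the
# throwaway VM/VPS, never on your real machine. It snapshots processes, TCP
# sockets and persistence entries, launches the suspect exe, waits, snapshots
# again and prints only what changed. $SamplePath and $WaitSeconds are assumed.
param(
    [string]$SamplePath = "C:\samples\suspect.exe",   # assumed location of the exe
    [int]$WaitSeconds   = 90                           # how long to let it "phone home"
)

# Before anything runs: hash and Authenticode status. Unsigned is not proof of a
# RAT, but it is worth recording alongside whatever the diff below turns up.
Write-Host "SHA256: $((Get-FileHash -Path $SamplePath -Algorithm SHA256).Hash)"
$sig = Get-AuthenticodeSignature -FilePath $SamplePath
Write-Host "Signature: $($sig.Status) $($sig.SignerCertificate.Subject)"

function Get-Snapshot {
    # SynSent is included on purpose: on an isolated VM the RAT cannot complete
    # its connection, so its beacon shows up as SynSent to the C2 address.
    $conns = @(Get-NetTCPConnection -State Listen, Established, SynSent -ErrorAction SilentlyContinue)
    $runKeys = foreach ($k in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce') {
        if (Test-Path $k) {
            (Get-ItemProperty -Path $k).PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' } |
                ForEach-Object { "$k : $($_.Name) = $($_.Value)" }
        }
    }
    [pscustomobject]@{
        Procs = @(Get-Process)
        Conns = $conns
        Run   = @($runKeys)
        Tasks = @(Get-ScheduledTask | ForEach-Object { "$($_.TaskPath)$($_.TaskName)" })
    }
}

function Get-ConnKey($c) {
    "$($c.OwningProcess)|$($c.LocalPort)|$($c.RemoteAddress):$($c.RemotePort)|$($c.State)"
}

$before   = Get-Snapshot
$launched = Start-Process -FilePath $SamplePath -PassThru
Write-Host "Started PID $($launched.Id); waiting $WaitSeconds s..."
Start-Sleep -Seconds $WaitSeconds
$after    = Get-Snapshot

# 1. New processes, with parent and command line. A dropper usually spawns
#    something; a process that already exited still leaves its children here.
$newProcs = $after.Procs | Where-Object { $_.Id -notin $before.Procs.Id }
foreach ($p in $newProcs) {
    $w = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.Id)"
    $parent = if ($w) { (Get-Process -Id $w.ParentProcessId -ErrorAction SilentlyContinue).ProcessName }
    Write-Host ("NEW PROCESS  {0,-6} {1,-20} parent={2} cmd={3}" -f $p.Id, $p.ProcessName, $parent, $w.CommandLine)
}

# 2. New TCP sockets. RATs often inject into an existing process (explorer,
#    svchost), so the owning PID can be OLD even though the connection is new.
$seen = @{}
foreach ($c in $before.Conns) { $seen[(Get-ConnKey $c)] = $true }
foreach ($c in $after.Conns) {
    if ($seen.ContainsKey((Get-ConnKey $c))) { continue }
    $owner = (Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    $tag = if ($c.State -eq 'Listen') { 'NEW LISTENER' } else { 'NEW OUTBOUND' }
    Write-Host ("{0} {1,-6} {2,-20} {3}:{4} -> {5}:{6}" -f $tag, $c.OwningProcess, $owner,
        $c.LocalAddress, $c.LocalPort, $c.RemoteAddress, $c.RemotePort)
}

# 3. New persistence: Run/RunOnce values and scheduled tasks that were not there before.
$after.Run   | Where-Object { $_ -notin $before.Run }   | ForEach-Object { Write-Host "NEW RUN KEY  $_" }
$after.Tasks | Where-Object { $_ -notin $before.Tasks } | ForEach-Object { Write-Host "NEW TASK     $_" }
```

Run it from an elevated PowerShell so `Get-Process` and `Win32_Process` can see every process. An empty diff is not a clean bill of health: a RAT that waits longer than `$WaitSeconds`, or that checks for a VM before doing anything (the point raised later in this thread), produces nothing here, which is why the snapshot-and-restore VM workflow matters more than any single run.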
02-17-2016, 02:57 AM #12
Galaxe
Haxor!
Nice tutorial for beginners.
02-22-2016, 02:39 AM #13
Thanks for this amazing thread. I use VirtualBox to see if there are any RATs or Trojans; I think that works better.
07-16-2016, 03:14 PM #15
There are viruses that are able to bypass Sandboxie, and even virtual machines. I've read about it somewhere, but those should come from the elite hackers lol, not the common skid that downloads DarkComet haha.
12-10-2016, 01:29 PM #16
Originally posted by MW2TopTenWORLD:
There are viruses that are able to bypass Sandboxie, and even virtual machines. I've read about it somewhere, but those should come from the elite hackers lol, not the common skid that downloads DarkComet haha.


The worst that could happen with a VM could only happen if you allow it. Making shared folders between the host and VM is bad if you're testing programs in the first place. There's also the chance of having the network infected too, but that'd be due to having an insecure network.

Given most people aren't secure when it comes to their network, this is probably the biggest offender. Oh well! Someone will learn a lesson eventually.
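The VirtualBox setup in the tutorial (steps 1 to 8 of the VM section) and the warning in the reply above about sharing between host and guest can be combined. Below is an added example, not code from the original post, any reply, or VirtualBox itself: the same VM built with `VBoxManage` from PowerShell, but with Shared Clipboard and Drag'n'Drop disabled instead of set to Host To Guest, no shared folders, a NIC on an internal network that cannot reach your LAN or the internet, and a clean snapshot to roll back to after every test. `$VmName`, `$IsoPath`, `$SamplePath`, the guest account and the VirtualBox install path are assumed values; the switch names are those of VirtualBox 6.1/7.x.

```powershell
# Added example, not from the original post or VirtualBox's documentation.
# Builds the tutorial's VM (Windows 8.1, 3 GB RAM, 20 GB dynamic VDI) with
# host/guest sharing OFF and an isolated network, then snapshots it so each
# suspect exe is tested from the same clean state. All paths/names are assumed.
$env:Path  += ";C:\Program Files\Oracle\VirtualBox"      # assumed install location
$VmName     = "RatCheck"
$IsoPath    = "C:\ISOs\Win81.iso"                         # assumed: Windows 8.1 install ISO
$DiskPath   = "$env:USERPROFILE\VirtualBox VMs\$VmName\$VmName.vdi"
$SamplePath = "C:\samples\suspect.exe"                    # assumed: the exe you want to check
$GuestUser  = "tester"                                    # assumed: account created in the guest
$GuestPass  = "tester"

# Tutorial steps 1-6: create and register the VM, memory, dynamic 20 GB disk, ISO.
VBoxManage createvm --name $VmName --ostype "Windows81_64" --register
VBoxManage modifyvm $VmName --memory 3072 --cpus 2 --vram 32
VBoxManage createmedium disk --filename $DiskPath --size 20480 --format VDI --variant Standard
VBoxManage storagectl $VmName --name "SATA" --add sata --controller IntelAhci
VBoxManage storageattach $VmName --storagectl "SATA" --port 0 --device 0 --type hdd --medium $DiskPath
VBoxManage storageattach $VmName --storagectl "SATA" --port 1 --device 0 --type dvddrive --medium $IsoPath

# Instead of tutorial step 7: no clipboard, no drag-and-drop, no shared folders.
# (VirtualBox 6.0 and older spell --clipboard-mode as --clipboard.)
VBoxManage modifyvm $VmName --clipboard-mode disabled --draganddrop disabled
# Internal network only: the guest can neither reach your LAN nor the internet,
# so a RAT inside it cannot spread or call home. Its beacon still shows as a
# connection attempt inside the guest, which is what you want to observe.
VBoxManage modifyvm $VmName --nic1 intnet --intnet1 "ratcheck-isolated"

# Tutorial step 8: install Windows from the ISO (and Guest Additions), then shut down.
VBoxManage startvm $VmName
Read-Host "Finish the Windows install and Guest Additions in the VM, shut it down, then press Enter"

# Snapshot of the clean guest; every test starts from here.
VBoxManage snapshot $VmName take "clean-baseline"

# Get the sample in with guest control (needs Guest Additions and a guest account)
# rather than the shared clipboard / drag-and-drop the tutorial enables.
VBoxManage startvm $VmName
VBoxManage guestcontrol $VmName mkdir --parents --username $GuestUser --password $GuestPass "C:\samples"
VBoxManage guestcontrol $VmName copyto --username $GuestUser --password $GuestPass `
    --target-directory "C:\samples" $SamplePath

Read-Host "Run the sample in the VM and inspect it; press Enter to throw the result away"

# Discard the infected state: power off and roll back to the clean snapshot.
VBoxManage controlvm $VmName poweroff
VBoxManage snapshot $VmName restore "clean-baseline"
```

The restore at the end is the part that addresses the reply above: nothing the sample did survives the test, and because the only channels into the guest are the ISO, guest control and an internal network with no host adapter, there is no shared folder or clipboard for it to reach back through. Re-enable host-only or NAT networking only if you deliberately want to watch the sample talk to its server, and then from a machine you are prepared to wipe.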

Copyright © 2024, NextGenUpdate.
All Rights Reserved.