Remy's RAT - x64 C2 Loader & Remote Shell (Windows 10/11)
- 60KB standalone (MSVC, no dependencies, single file)
- Simple anti-debug, anti-VM and anti-sandbox checks
- Persistence: Registry, Scheduled Tasks, Services
- Auto proxy detection
- Jittered reconnect loop
Limitations on Win10/11:
1. fodhelper.exe UAC bypass - usually patched on recent builds; swap in a newer one
3. Basic sandbox checks - may fail against advanced setups
4. Static C2 - could trigger network alerts
5. Process creation - may trigger AMSI
Suggested improvements for live use:
- Replace fodhelper with a newer UAC bypass
- Add a DGA for C2 rotation, or similar
- Use process/DLL injection or side-loading techniques
- Upgrade XOR to AES/RC4
- Add API obfuscation
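Defender's note on the "Jittered reconnect loop" feature and the "Static C2 - could trigger network alerts" limitation above: jitter does not hide a beacon from simple statistics. The following is an added example (not part of this loader) that flags host/destination pairs with low inter-arrival variance over a constructed connection log; thresholds and log format are assumptions.

```python
"""Beacon detection over a constructed connection log.

Flags a destination that a host contacts at near-regular intervals even
when the interval is jittered, as a reconnect loop with jitter produces.
Scores each (host, dest) pair by the coefficient of variation (CV) of its
inter-arrival gaps; a low CV means beacon-like timing.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: (timestamp_seconds, source_host, dest_ip:port).
# 203.0.113.7 is contacted roughly every 60s with +/-5s jitter;
# 198.51.100.20 is ordinary bursty traffic.
SAMPLE_LOG = [
    (0, "ws01", "203.0.113.7:443"),
    (58, "ws01", "203.0.113.7:443"),
    (122, "ws01", "203.0.113.7:443"),
    (179, "ws01", "203.0.113.7:443"),
    (241, "ws01", "203.0.113.7:443"),
    (297, "ws01", "203.0.113.7:443"),
    (3, "ws01", "198.51.100.20:443"),
    (15, "ws01", "198.51.100.20:443"),
    (400, "ws01", "198.51.100.20:443"),
    (410, "ws01", "198.51.100.20:443"),
    (900, "ws01", "198.51.100.20:443"),
]


def find_beacons(log, min_conns=5, max_cv=0.25):
    """Return {(host, dest): (mean_gap_s, cv)} for periodic-looking pairs.

    min_conns and max_cv are assumed tuning values, not from the page.
    """
    by_pair = defaultdict(list)
    for ts, host, dest in log:
        by_pair[(host, dest)].append(ts)
    hits = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_conns:
            continue  # too few samples to judge periodicity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue
        cv = pstdev(gaps) / avg  # jitter relative to the base interval
        if cv <= max_cv:
            hits[pair] = (round(avg, 1), round(cv, 3))
    return hits
```

Run on real proxy or firewall logs, the same scoring surfaces a static C2 even with jitter; only the jittered pair above is reported, the bursty one is not.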