RadRAT is a newly found Remote Administrator Tool that has been in existence since 2015. It worked surreptitiously, stealing millions of data items, until security researchers at BitDefender found it. To learn more about RadRAT, how it works and its uses, go to the following link:
Because the original RadRAT files were uploaded by the BitDefender antivirus company, the RAT is divided into components for research purposes. The files are uploaded to Google Drive, and the link for each component is given below.
RadRAT Tool Free Download:
For 32-bit:
wrpcs.dll – http://festyy.com/wPtun7
ntmgr2.dll – http://festyy.com/wPtu2x
Sysmgr.exe – http://festyy.com/wPtitO
-rs19.tmp – http://festyy.com/wPtiaS
Ssleay.dll – http://festyy.com/wPtiQx
Libeay.dll – http://festyy.com/wPtiTv
For 64-bit:
wrpcs.dll – http://festyy.com/wPtiMx
ntmgr2.dll – http://festyy.com/wPtoth
sysmgr.exe – http://festyy.com/wPtosQ
-rs19.tmp – http://festyy.com/wPtohb
Ssleay.dll – http://festyy.com/wPta23
Libeay.dll – http://festyy.com/wPtssg
Source: BitDefender
RadRAT Useful Commands:
Command ID 1 – Used to list all the available files in the present directory of the victim’s machine.
Command ID 2 – Used to upload files from the victim’s machine to the C&C server.
Command ID 3 – Used to download files from the command & control server.
Command ID 4 – Deletes the requested file if a file ID is mentioned.
Command ID 9 – The keyloggers of this RAT are enabled by default. This command sends the data captured by the keylogger on the target to the server.
Command ID 10 – Exfiltrates usernames and passwords, browser history and network traffic.
Command ID 11 – Captures a screenshot through the webcam or any other available multimedia device.
Command ID 17 – Attempts to read a single byte of information from the victim machine to ensure the connection status.
Command ID 21 – Begins the credentials harvester by injecting into lsass.exe.
Command ID 32 – Used to discover available machines on the same network using ARP discovery.
Command ID 34 – Performs ARP poisoning on the local network.
Command ID 42 – Takes multiple screenshots at a scheduled time interval.
Command ID 52 – Grabs and sends information about the RDP sessions on the infected device and their status, along with their username, host and IP address.
Command ID 56 – Sends the decrypted NT & LM hashes along with the user data (PS: the NT & LM hashes are salted by default).
Command ID 68 – Gets the web history and saved usernames and passwords of popular websites from Internet Explorer. This command won’t work on Chrome and other browsers. By default, the RAT is designed only to decrypt and send the data from browsers such as Mozilla and Internet Explorer.
Command ID 78 – Makes HTTP requests as sent from the command & control server.
Command ID 80 – Attempts to take over complete ownership of the working registry key.