
RAT Gcat RAT

steambag

A stealthy Python based backdoor that uses Gmail as a command and control server

Options:

Code:
>
                                            dP   
                                            88   
               .d8888b. .d8888b. .d8888b. d8888P 
               88'  `88 88'  `"" 88'  `88   88   
               88.  .88 88.  ... 88.  .88   88   
               `8888P88 `88888P' `88888P8   dP   
                    .88                          
                d8888P  


                  .__....._             _.....__,
                    .": o :':         ;': o :".
                    `. `-' .'.       .'. `-' .'   
                      `---'             `---'  

            _...----...      ...   ...      ...----..._
         .-'__..-''----    `.  `"`  .'    ----'''-..__`-.
        '.-'   _.--'''       `-._.-'       ''''--._   `-.`
        '  .-"'                  :                  `"-.  `
          '   `.              _.'"'._              .'   `
                `.       ,.-'"       "'-.,       .'
                  `.                           .'
             jgs    `-._                   _.-'
                        `"'--...___...--'"`

                    ...IM IN YUR COMPUTERZ...

                       WATCHIN YUR SCREENZ

optional arguments:
 -h, --help            show this help message and exit
 -v, --version         show program's version number and exit
 -id ID                Client to target
 -jobid JOBID          Job id to retrieve

 -list                 List available clients
 -info                 Retrieve info on specified client

Commands:
 Commands to execute on an implant

 -cmd CMD              Execute a system command
 -download PATH        Download a file from a clients system
 -upload SRC DST       Upload a file to the clients system
 -exec-shellcode FILE  Execute supplied shellcode on a client
 -screenshot           Take a screenshot
 -lock-screen          Lock the clients screen
 -force-checkin        Force a check in
 -start-keylogger      Start keylogger
 -stop-keylogger       Stop keylogger

Meow!

Setup

For this to work you need:

A Gmail account (Use a dedicated account! Do not use your personal one!)

Turn on "Allow less secure apps" under the security settings of the account

You may also have to enable IMAP in the account settings

This repo contains two files:

gcat.py a script that's used to enumerate and issue commands to available clients

implant.py the actual backdoor to deploy

In both files, edit the gmail_user and gmail_pwd variables with the username and password of the account you previously setup.

You're probably going to want to compile implant.py into an executable using Pyinstaller

Filename: implant.py

Detection Rate: 6/35

File Size: 23kb

File MD5: 3e527b7c656ecdfcfc247ee420a3a967

File SHA1: 1d2d273d312bae585ba56badf7cda75953b13ecc

Date: 16-Aug-2016 14:35:12 GMT


AVG Free : Clean

Avast : Python:InfoStealer-A [Trj]

AntiVir (Avira) : Clean

BitDefender : Clean

Clam Antivirus : Clean

COMODO Internet Security : Clean

Dr.Web : Python.BackDoor.14

eTrust-Vet : Clean

F-PROT Antivirus : Clean

F-Secure Internet Security : Clean

G Data : Clean

IKARUS Security : Trojan.Python.Agent

Kaspersky Antivirus : Clean

McAfee : Clean

MS Security Essentials : Backdoor:Python/Atalag.A

ESET NOD32 : Backdoor.Python/Agent.K

Norman : Clean

Norton Antivirus : Backdoor.Trojan

Panda Security : Clean

A-Squared : Clean

Quick Heal Antivirus : Clean

Solo Antivirus : Clean

Sophos : Clean

Trend Micro Internet Security : Clean

VBA32 Antivirus : Clean

Zoner AntiVirus : Clean

Ad-Aware : Clean

BullGuard : Clean

FortiClient : Clean

K7 Ultimate : Clean

NANO Antivirus : Clean

Panda CMD : Clean

VIPRE : Clean

SUPERAntiSpyware : Clean

Twister Antivirus : Clean

Download

[HIDE-THANKS]
[/HIDE-THANKS]
 
Re: Gcat RAT

It's a Python source file, no need for a scan.

 
Re: Gcat RAT

It's a Python source file, no need for a scan.
So, it can be compiled to an exe. PyInstaller will help with this.

 
Re: Gcat RAT

I converted the py to an exe and got the same 6/35. So, the Dr.Web detection changed to K7 Ultimate.

Filename: implant.exe

Detection Rate: 6/35

File Size: 4358kb

File MD5: 4fc954aad87501fff0e627767caac98f

File SHA1: e95799cb762f4136945c03c956c8e05638586701

Date: 16-Aug-2016 22:26:36 GMT


AVG Free : Clean

Avast : Python:InfoStealer-A [Trj]

AntiVir (Avira) : Clean

BitDefender : Clean

Clam Antivirus : Clean

COMODO Internet Security : Clean

Dr.Web : Clean

eTrust-Vet : Clean

F-PROT Antivirus : Clean

F-Secure Internet Security : Clean

G Data : Clean

IKARUS Security : Trojan.Python.Agent

Kaspersky Antivirus : Clean

McAfee : Clean

MS Security Essentials : Backdoor:Python/Atalag.A

ESET NOD32 : Backdoor.Python/Agent.K

Norman : Clean

Norton Antivirus : Heur.AdvML.B

Panda Security : Clean

A-Squared : Clean

Quick Heal Antivirus : Clean

Solo Antivirus : Clean

Sophos : Clean

Trend Micro Internet Security : Clean

VBA32 Antivirus : Clean

Zoner AntiVirus : Clean

Ad-Aware : Clean

BullGuard : Clean

FortiClient : Clean

K7 Ultimate : Trojan ( 004b407a1 )

NANO Antivirus : Clean

Panda CMD : Clean

VIPRE : Clean

SUPERAntiSpyware : Clean

Twister Antivirus : Clean

py to exe setup

[video=youtube;-WF8tCRFtlM]

 
Re: Gcat RAT

I deleted all comments in the source and got 1/35.

Next I used pyobfuscator and got 0/35 on the py file.

After compiling the py to an exe I had 2/35.

After deleting the icon in ResHacker I had 0/35.

Filename: nanana.exe

Filesize: 4,29 MB

Date: 2016-08-18 20:01:18

MD5: 19c0aa34756085a95e1cdec42021e413

SHA1: 896368b291996bc3564cea8f1aa31ad978664b02

Status: Clean

Rate: 0/35

Details:

Ad-Aware - File is clean

A-Squared - File is clean

Avast - File is clean

AVG Free - File is clean

AntiVir (Avira) - File is clean

BitDefender - File is clean

BullGuard - File is clean

Clam Antivirus - File is clean

COMODO Internet Security - File is clean

Dr.Web - File is clean

ESET NOD32 - File is clean

eTrust-Vet - File is clean

FortiClient - File is clean

F-PROT Antivirus - File is clean

F-Secure Internet Security - File is clean

G Data - File is clean

IKARUS Security - File is clean

K7 Ultimate - File is clean

Kaspersky Antivirus - File is clean

McAfee - File is clean

MS Security Essentials - File is clean

NANO Antivirus - File is clean

Norman - File is clean

Norton Antivirus - File is clean

Panda CommandLine - File is clean

Panda Security - File is clean

Quick Heal Antivirus - File is clean

Solo Antivirus - File is clean

Sophos - File is clean

SUPERAntiSpyware - File is clean

Trend Micro Internet Security - File is clean

Twister Antivirus - File is clean

VBA32 Antivirus - File is clean

VIPRE - File is clean

Zoner AntiVirus - File is clean
