Horus Eyes RAT (HE-RAT) is a tool used by cybercriminals to bypass security mechanisms. It has been used in high-profile activities, such as the Warsaw banking trojan, which tricks victims into infecting their systems using a fake bank overlay window. HE-RAT has the following features: persistence, gathering details, capturing data, matching data, and executing remote commands.
It is one of the latest tools used along with the recent 'Warsaw' banking trojan, circumventing security appliances, AV and EDRs during its execution.
2021 Reports
Remote Access Tool Written in VB.NET
Server : .NET 4.8
Client : .NET 4.5
Features :
- Supports DNS (No-IP for example)
- Multi-Threaded
- Asynchronous
- Packets Serialization
- Multi Ports Listener
- Automation Tasks when client is connected
- Save Settings for automation tasks
- Blur ScreenLocker
- Monitor Rotation (0, 90, 180, 270 degrees)
- Hide & Show Taskbar
- Hide & Show Desktop Icons
- Hide & Show Cursor
- Swap & Normal State Mouse Buttons
- Lock & Unlock Keyboard
- Empty Bin
- Native Injection : You can inject an unmanaged DLL (C++, C, D…)
- 32 & 64 bits stubs
- Mass Tasks : Passwords Recovery, History Recovery, Wifi Passwords Recovery
- Tasks Manager : Kill, Resume, Pause
- Passwords Recovery (+35 web browsers based on chromium)
- History Recovery (+35 web browsers based on chromium)
- Wifi Passwords Recovery
- Power : Log out, Reboot, Shutdown, Hibernate, Suspend
- BSOD
- Increase Volume
- Decrease Volume
- Mute | Unmute Volume
- Save all passwords | history recovered
- Export History | Passwords as .csv file
- Installation : Set a task in TaskScheduler | Hidden from startup + copy file in local user path hidden
- Ability to change your client priority
- Ability to ask for privileges
- Check UAC at different levels (whether enabled or not)
- File Manager : Create Directory, Open File, Delete File, Move File To Bin, Download File
Sources :
- System.Data.SQLite.dll : https://github.com/Faithlife/System.Data.SQLite
- IpAPI : https://ip-api.com/
- Passwords Recovery : Modded Library Based on : https://github.com/0xfd3/Chrome-Password-Recovery
- Wifi Passwords Recovery : Modded Library Based on : https://github.com/r3nhat/SharpWifiGrabber
- Loading Unmanaged DLLs in Managed EXE : Class comes from : https://github.com/schellingb/DLLFromMemory-net with manual mapping for those dlls.
File Size: 5.1 Mb