Monday, 20 January 2014

::: RAKABULLE - Advanced Remote Administration Tool from DarkComet :::

I hope you all still remember the famous and powerful remote-access Trojan (RAT) called 'Dark Comet', developed by a French computer geek 'Jean-Pierre Lesueur', also known as 'DarkCoderSc'.

However, he closed the Dark Comet project when the Syrian government was found to be using it to track down and spy on its people. After that, DarkCoderSc started working under a new banner, 'Phrozen Software', to develop many new security software and penetration testing tools.

On 16 January 2014, Jean-Pierre and his teammate Fabio Pinto, from a French university, released a new tool called 'Rakabulle', a file binder with some cool features for penetration testers and malware researchers.



What is a File Binder?
A file binder is an application that allows a user to bind multiple files together into a single executable file. When that single executable is run, all of the previously merged files are extracted to a temporary location and executed normally.

"The builder Rakabulle application will create a stub and inject in its resource the target files to extract and execute. The stub is the little generated part of the program which is designed to extract from its resource the target files to a temporary location and execute. In our application the stub also got a part to inject in Explorer or Internet Explorer process and load custom made plugins."
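A defender's view of the binder layout described above, as an added example that is not from the original post or from Phrozen Software: a heuristic scan that reports PE images embedded inside another executable, with their architecture. The function names, the sanity bounds and the sample bytes are assumptions constructed for illustration.

```python
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64"}  # IMAGE_FILE_MACHINE_I386 / _AMD64

def find_embedded_pe(data: bytes):
    """Return [(offset, arch)] for PE images found after offset 0.

    Heuristic only: an 'MZ' marker counts when its e_lfanew field (at +0x3C)
    points to a PE signature. A packed (e.g. UPX-compressed) stub may hide
    embedded images from a raw byte scan and should be unpacked first.
    """
    hits = []
    pos = data.find(b"MZ", 1)  # offset 0 is the host (stub) image itself
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            sig = pos + e_lfanew
            # Assumed sanity bounds on e_lfanew to reject stray 'MZ' strings.
            if (0x40 <= e_lfanew <= 0x1000 and sig + 6 <= len(data)
                    and data[sig:sig + 4] == b"PE\0\0"):
                machine = struct.unpack_from("<H", data, sig + 4)[0]
                hits.append((pos, MACHINES.get(machine, hex(machine))))
        pos = data.find(b"MZ", pos + 1)
    return hits

def fake_pe(machine: int, size: int = 0x200) -> bytes:
    """Constructed test input: just enough header bytes to look like a PE."""
    img = bytearray(size)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)   # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x84, machine)
    return bytes(img)

# Constructed sample: host stub, a stray "MZ" decoy, then two bound files.
SAMPLE = (fake_pe(0x014C) + b"MZ" + bytes(0x5E)
          + fake_pe(0x014C) + fake_pe(0x8664))

if __name__ == "__main__":
    for offset, arch in find_embedded_pe(SAMPLE):
        print(f"embedded PE at 0x{offset:X} ({arch})")
```

More than one hit in a small executable is a triage signal, not a verdict: installers and self-extracting archives embed PE files too.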

Below are the features of "Rakabulle":

File binder, auto file extractor and executor.
REM (Remote Code Execution): executes code (plugins) in a target process (Explorer or Internet Explorer).
Supports 32- and 64-bit processes.
The application is a 32-bit application (soon we will compile the 64-bit version).
Supports UPX compression for the stub (without compression the stub size is about 38KiB, using pure Windows API and no extra libraries; with compression the stub size is approximately 16KiB). The UPX compression doesn't change the way the application works, only the final size.
Supports Windows startup.
Doesn't require administrative privileges.
Plugins and file list support drag and drop.
Supports plugins, with an open source example.
The stub and the builder are coded using Unicode encoding.
