Polaris
Member
Staff member
3
YEARS
3 YEARS OF SERVICE
---
LimeRAT v0.1.9
Remote Administration Tool For Windows
---
Description
Simple yet powerful RAT for Windows machines. This project is simple and easy to understand, It should give you a general knowledge about dotNET malwares and how it behaves.
---
Main Features
- **.NET**
- Coded in Visual Basic .NET, Client required framework 2.0 or 4.0 dependency, And server is 4.0
- **Connection**
- Using pastebin.com as ip port , Instead of noip.com DNS. And Also using multi-ports
- **Plugin**
- Using plugin system to decrease stub's size and lower the AV detection
- **Encryption**
- The communication between server & client is encrypted with AES
- **Spreading**
- Infecting all files and folders on USB drivers
- **Bypass**
- Low AV detection and undetected startup method
- **Lightweight**
- Payload size is about 25 KB
- **Anti Virtual Machines**
- Uninstall itself if the machine is virtual to avoid scanning or analyzing
- **Ransomware**
- Encrypting files on all HHD and USB with .Lime extension
- **XMR Miner**
- High performance Monero CPU miner with user idle\active optimizations
- **DDoS**
- Creating a powerful DDOS attack to make an online service unavailable
- **Crypto Stealer**
- Stealing Cryptocurrency sensitive data
- **Screen-Locker**
- Prevents user from accessing their Windows GUI
- **And more**
- On Connect Auto Task
- Force enable Windows RDP
- Persistence
- File manager
- Passowrds stealer
- Remote desktop
- Bitcoin grabber
- Downloader
- Keylogger
---
```
This project was only tested on local-lab[LAN]. I did not test it on external-lab[WAN].
Server tested on Windows 10, Client tested on virtual machine windows 7.
```
---
Notes
1. While using ransomware, restore point won't be deleted unless payload is running hight privilege
2. Anti-Kill (BSOD) won't work unless payload is running hight privilege