Cryakl / Ultimate-RAT-Collection

For educational purposes only, samples of 400+ classic/modern trojan builders including screenshots.

Open Discussion Here + FAQ #6

Open Cryakl opened 1 month ago

Cryakl commented 1 month ago

Feel free to talk or ask questions here.

What's the password to the archive? The password is "infected" in lowercase.

Is the software clean and uninfected? Mostly yes, if there is a backdoor/infection, I will write within the README itself, including details on the backdoor and whether it is in the stub or builder.

Can you help me set up X software? I can try to help if you really don't understand, I will not assist in troubleshooting errors. These issues pertain to the RAT itself, things like 'AntiVM' or 'X feature not working'.

Why are split archives corrupt after manual download/corrupt in general? If you cannot enter the password 'infected' or the archive is corrupted, this is a problem with GitHub itself, and you need to download the entire repository.

titu3e commented 1 month ago

How to login into the craxrat I can't seem to get past that stage

Cryakl commented 1 month ago

Assuming you're attempting to log in to Craxs Rat v5.1, a loader is provided with it. Video attached will show how to log in properly.

https://github.com/user-attachments/assets/4973c1d8-e4be-4639-9c55-6f27c433f87c

titu3e commented 1 month ago

thanks but i am facing this error while building an apk error : > Loading resource table from file: C:\Users***\AppData\Local\apktool\framework\1.apk it just keeps spamming this

Cryakl commented 1 month ago

Can you verify that you're filling all the blanks in the builder? I tried creating a build on Windows 10 and it did fine.

Another issue could be Windows Defender, as this APK is dropped into AppData and not in the CraxsRat directory. So you could try disabling Windows Defender, as the APK is essentially malware, or add an exclusion to this path: C:\Users***\AppData\Local\apktool\framework

titu3e commented 1 month ago

do i need to install the apktool or a jdk? and what blanks did i need to fill?

Cryakl commented 1 month ago

These are all readily installed in Craxs Rat directory, you don't need to install any external apps. As for blanks, you should fill in "After Install" in "Options" tab, it never checks if you select here or not.

I recommend turning off Defender/Antivirus or adding an exclusion to the APK, I think that's the issue.

titu3e commented 1 month ago

Thanks i am trying rn but idk I got some synaptic.exe virus from somewhere not this repo ig. This is blocking my internet connection and maybe other things haven't found out yet. What would u recommend for testing an Android rat?

Cryakl commented 1 month ago

Synaptics is a file-infecting virus which could also cause this issue, I'd really recommend clearing your PC from this. It will seek other .exe files on your computer and infect them, which will just cause big trouble in the long run. I heard KVRT can clean this without erasing them: https://www.kaspersky.com/downloads/free-virus-removal-tool

If you were going to test it, I'd recommend an Android emulator such as BlueStacks to install the APK onto.

titu3e commented 1 month ago

thanks for the reply i removed it already but found out something that after running crax it adds a proxy automatically it shows turned off here cuz i did it (image)

Cryakl commented 1 month ago

That's normal, while the loader is running it adds a proxy to "crack" the RAT itself. When you close the loader it should revert back to normal afterwards. Though the loader is required to be running as Craxs Rat pings in intervals.

titu3e commented 1 month ago

oh alr thanks once again and are there any other android rats that i should try?

Cryakl commented 1 month ago

I don't really have recommendations, the Android RAT scene is mostly unstable copy pastes of each other. As for Android RATs, there are a few in my repository, I'll probably update it with more soon:

Pretty old ones that probably don't work on modern Androids:
https://github.com/Cryakl/Ultimate-RAT-Collection/tree/main/AndroRat
https://github.com/Cryakl/Ultimate-RAT-Collection/tree/main/DroidJack

Some more modern variants of Android Rats:
https://github.com/Cryakl/Ultimate-RAT-Collection/tree/main/EagleSpy
https://github.com/Cryakl/Ultimate-RAT-Collection/tree/main/G700Rat
https://github.com/Cryakl/Ultimate-RAT-Collection/tree/main/BrataRat

This one is a multi-OS RAT, it also supports Android:
https://github.com/Cryakl/Ultimate-RAT-Collection/tree/main/888Rat

titu3e commented 1 month ago

(image) its still the same error it just keeps spamming this

Cryakl commented 1 month ago

Hmm, I'm not sure what causes this honestly, looks like it's constantly trying to load the resource table. I can't replicate this or solve it for now.

titu3e commented 1 month ago

okay thanks

Serik3205 commented 1 month ago

Hi, when I start EagleSpy 3.0, it enters the application and immediately crashes (image)

Cryakl commented 1 month ago

Not sure what causes this error on your end as it works fine on multiple machines. I also can't really debug here because the error message is generic, from EagleSpy itself. Try adding a Defender exclusion or repairing/installing .NET Framework 4.8/4.0.

unoxyzmdfckz commented 1 month ago

How do I unzip this, .008 (craxs) tried removing the extension and made it into 7z, but it says damaged files or corrupt. (image)

Cryakl commented 1 month ago

You need every part downloaded, from 001-008, etc. and to highlight them all for it to unzip correctly.

unoxyzmdfckz commented 1 month ago

Oh shii, tysm

8msv commented 1 month ago

THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS THE BUILDERS ARE RATS image

unoxyzmdfckz commented 1 month ago

Some of them are.

Cryakl commented 1 month ago

I'm not sure if you realize, but this is static analysis from Triage.

It's looking at the plugins here such as "Recovery.dll" or "Stealer.dll". XWorm is infamous for being a hybrid based off of other RAT source codes. Hence, the StormKitty detection which is also partially ripped off AsyncRat.

As for the AgentTesla detection, this is generic and a false positive. Happens even when you analyze SpyNote, Anarchy Panel, EagleSpy, etc. on Triage.

The XWorm V5.6 executable is relatively unobfuscated as well as the plugins. So feel free to decompile it with dnSpy or JustDecompile.

RageShadowz commented 1 month ago

Hello, I have a problem with the DarkCrystalRat program. When I download and open the archive, I am told that the archive is damaged and logically it does not open. Is it my computer's fault, or is there really something wrong with the files?

unoxyzmdfckz commented 1 month ago

Hello, read the messages above, I have this same problem and it worked, download 7 zip, download the files (.001 - .008), highlight them all then 7zip > extract here, infected is the password.

RageShadowz commented 1 month ago

thanks, I'll try it now

powerty989 commented 1 month ago

Help, i have problems with port forwarding at any rat builder, when i use playit static ip user won't appear at list, but if i will use regular ip it will work

Cryakl commented 1 month ago

> Hello, I have a problem with the DarkCrystalRat program. When I download and open the archive, I am told that the archive is damaged and logically it does not open. Is it my computer's fault, or is there really something wrong with the files?

Essentially, you highlight them both and extract them like here: (image)

Cryakl commented 1 month ago

> Help, i have problems with port forwarding at any rat builder, when i use playit static ip user won't appear at list, but if i will use regular ip it will work

Sorry, but I can't help you with this. Using Playit to host malware, even for educational purposes like infecting a VM is not allowed: (image)

powerty989 commented 1 month ago

which service i can use then?

Cryakl commented 1 month ago

Not sure, even using ngrok for educational purposes like that is not allowed.

powerty989 commented 1 month ago

What is the reason of it not working, before it worked fine, but now it just stopped working

Cryakl commented 1 month ago

Playit is cracking down on abuse, i.e., hosting RATs or malware. So probably they're blocking the connection.

powerty989 commented 1 month ago

Why we should use services such as playit, ngrok, hidemyname, and not usual ip

Cryakl commented 1 month ago

From an attacker's standpoint, using your usual IP will just get you arrested/your ISP removing your internet connection. So obviously, they will use a service like a VPN to hide their real IP, these services abide by law and you can get arrested here easily too.

powerty989 commented 1 month ago

will vpn such as proton vpn work?

Cryakl commented 1 month ago

ProtonVPN supports port forwarding, so yes, that would work. But they would forward your info to LEA and block your account in case of illegal activity.

Dazmed707 commented 1 month ago

I have CraxsRat 6.7 6.8 7.4 and method for FUD APK @stevesec

titu3e commented 1 month ago

> > will vpn such as proton vpn work?
>
> ProtonVPN supports port forwarding, so yes, that would work. But they would forward your info to LEA and block your account in case of illegal activity.

why not just use aws free tier for this? as far as only using it on ur own devices for educational purposes

powerty989 commented 1 month ago

Isn't it needs cc?

powerty989 commented 1 month ago

even my usual ip won't work now

titu3e commented 1 month ago

> Isn't it needs cc?

yeah a credit card or debit

drdoom21 commented 1 month ago

hey Orcus rat don't work for me crashes when i open it

drdoom21 commented 1 month ago

also some of them say corrupted file is that just for me?

Cryakl commented 1 month ago

> hey Orcus rat don't work for me crashes when i open it

Try installing .NET Framework 4.8 or repairing if it's already installed.

> also some of them say corrupted file is that just for me?

Could you be entering the password wrong? Maybe also you are trying to extract a multi-zip wrong, highlight them all, like here before extracting: (image)

drdoom21 commented 1 month ago

No I don’t even get the chance to type the password it’s as soon as I download it and open it in winrar it says corrupted and deletes the file

Cryakl commented 1 month ago

You may be using an old version of WinRAR, I can't replicate this at all. Can you point me towards what archives are causing this error so I can take a closer look?

maxresdefault commented 1 month ago

Can anyone determine or recommend what the "best" rat is for: Cross-Platform Windows Mac

Cryakl commented 1 month ago

Java RATs can be cross-platform, I have archived a few RATs that output java payloads in my repo. Netwire can also output binaries for Mac, though it is defunct, I have archived the trial versions.

maxresdefault commented 1 month ago

I'm mostly wondering in terms of features, stealthiness which rat do you think is the best?