I noticed that our RAT is easily detected with netstat. We are going to persist this connection in a rather loud manner until we can get a rootkit to obfuscate the connection in netstat. This persistor will spawn 3 processes that are reflectively migrated into 2 different critical processes. These boys will look out for their RAT friend, and if he is destroyed they re-spawn him.