KingRat

Comprehensive Remote Access Tool
Advanced & Modular C2

A professional-grade remote access tool combining a powerful HTTPS server interface with an ultra-lightweight client for a full C2 stack: system management and monitoring.

📦 20KB stub size: Highly optimized
High Performance
🔒 EDR Evasion
🌐 HTTPS Support
📦 Ultra-Lightweight

Core Features

Comprehensive remote management capabilities

🖥️

Remote Desktop

Real-time screen capture and remote desktop control with mouse and keyboard input forwarding. High-performance frame streaming with optimized compression.

📁

File Browser

Complete file system navigation with upload, download, delete, and directory management. Browse drives and folders remotely with ease.

⚙️

Process Manager

Monitor and manage running processes. View process details, kill, suspend, or resume processes remotely with full control.

💻

Remote Shell

Execute commands remotely through an interactive shell interface. Full command-line access with real-time output streaming.

🔐

EDR Evasion

HTTPS protocol support to blend with normal web traffic. Uses standard port 443 to avoid detection by security systems.

🌐

Tor Integration

Built-in Tor proxy bridge support for anonymous communication. SOCKS5 gateway integration for enhanced privacy and security.

⌨️

Offline Keylogger

Persistent offline keylogging with local storage and persistence mechanisms. Tracks keystrokes independently of network connectivity, ensuring continuous monitoring even when disconnected. Data is securely stored and exfiltrated upon reconnection. Stealth operation with minimal footprint.

Architecture

Dual-component system design

Server

Native .NET

  • Graphical user interface for client management
  • HTTP/HTTPS server with auto-generated certificates
  • Multi-client session with mass management
  • Real-time client monitoring and control
  • Binary protocol for efficient data transfer
  • One-click PDF export of all commands/inputs sent to/from clients with offline persistence

Client

C/Assembly Native

  • Ultra-lightweight: Only 20KB stub size despite extensive feature set
  • Highly optimized native implementation for maximum efficiency
  • HTTP POST/GET polling for commands
  • Screen capture and input handling
  • File system and process operations
  • Session-based communication
  • Fully resolved functions through indirect syscalls
  • Advanced anti-analysis: Anti-VM, Anti-sandbox, Anti-debugging

Communication Flow

📤

Stub.exe $POST

Sends data & polls

🌐

HTTPS

Port 443

📥

KingRat Server Response

C&C & data

Technical Specifications

Built with security and performance in mind

Server Stack

  • Tor gateway with built-in .onion rerouting
  • HTTPS Server (Custom)
  • SSL/TLS Certificate Management & Automation
  • Binary Protocol Handler
  • Modular Architecture

Client Stack

  • Highly Optimized Architecture
  • HTTPS Client (With Header Spoofing)
  • Screen Capture (GDI & Asm Operations)
  • Process Injection Support
  • PE Loading Capabilities
  • Indirect Syscalls (Fully Resolved)
  • Anti-VM Detection
  • Anti-Sandbox Protection
  • Anti-Debugging Mechanisms

Protocol

  • HTTPS (Port 443)
  • Binary Data Encoding
  • Session-based Communication
  • POST/GET Request Pattern
  • Chunked Data Transfer
  • Command/Response Protocol

Security Features

  • EDR Evasion Techniques
  • Traffic Blending
  • Tor Proxy Integration
  • SOCKS5 Gateway
  • SSL/TLS Encryption
  • Session Management
  • Indirect Syscall Resolution
  • Multi-layer Anti-Analysis

Advanced Capabilities

Enterprise-grade remote management

📦

Ultra-Lightweight & Optimized

Despite packing extensive features including remote desktop, file management, process control, keylogging, and advanced anti-analysis capabilities, the client stub is only 20KB in size. Highly optimized codebase ensures maximum efficiency with minimal footprint, making it ideal for deployment scenarios where size and performance matter.

🎯

Real-time Remote Desktop

Stream desktop screens with optimized frame rates. Support for mouse and keyboard input forwarding with low latency. Adaptive quality based on network conditions.

📊

System Monitoring

Monitor client systems in real-time. View OS information, system resources, network status, and active processes. Comprehensive system visibility and control.

📄

Command & Input Exfiltration to PDF

Complete data exfiltration of all commands and inputs sent to/from clients. All communication is logged with offline persistence mechanisms, ensuring no data loss during disconnections. Export comprehensive logs to PDF with a single click for detailed analysis, documentation, and audit trails of all client interactions.

🛡️

Advanced Anti-Analysis Protection

Client implements sophisticated evasion techniques including fully resolved indirect syscalls to bypass API hooks, comprehensive Anti-VM detection to evade virtualized environments, Anti-sandbox mechanisms to detect analysis environments, and Anti-debugging protection to prevent reverse engineering attempts.

🔧

File Operations

Complete file system access with upload, download, delete, and directory navigation. Preview file contents and manage remote file systems efficiently.

Process Control

Full process management capabilities. View detailed process information, terminate, suspend, or resume processes remotely with administrative control.

⌨️

Persistent Offline Keylogger

Advanced keylogging system that operates independently of network connectivity. Features robust offline persistence mechanisms with local storage, ensuring continuous keystroke capture even during network disconnections. All logged data is securely stored and automatically exfiltrated upon reconnection, providing comprehensive activity tracking and analysis capabilities separate from command/input logging.

Backwards Compatibility

Full client support across all Windows versions

Windows XP

2001

Windows Vista

2006

Windows 7

2009

Windows 8

2012

Windows 8.1

2013

Windows 10

2015

Windows 11

2021

Universal Compatibility

20+ Years

7 Major Versions