Androat APK Binder. One of the first RAT for android

Androat APK Binder. One of the first RAT for android

Before we start talking about the features of the Androrat APK, let's see how a RAT ( Remote A ccess T ool) works. 

A RAT is a “malware” type program that is used to control electronic devices, such as personal computers, tablets, mobile phones, etc. Or in other words, with this program, the "cybercriminals" have full access to the victim's device without her being aware of it. In the following image, we see a control scheme of a RAT.

As we can see in the image, the "offender" manages the RAT installed on a victim's computer with a piece of software called "client". Instead, the software that is installed on the victim is called a "server." At the level of network packets, the communication is always initiated by the victim or the "server", and reaches the criminal or the piece of software that controls the RAT, which is called the "client".

In our case, the Androrat APK package is designed to run the “server” part on a device with an Android operating system. Instead, the "client" part has to run on a Windows system.

The Androrat package is distributed with the following elements that run under windows:

• The program to create the "servers", will create an "apk" package that must be installed on a device with an Android operating system.
• Program to control the created servers.

We will first study the program to create the "servers" and then check the functionalities of this RAT with an example. In the following image, we show the main screen of the program that is used to create the server, or what is the same, with this program we will create an “apk” file for Android that will be the one that we will have to send to the victim to install it .

On this first screen, we see that there are three tabs.

• Build+Bind tab. It helps us to create a “server” by adding our RAT to an original Android program (apk file extension) with which we mask it. This masking serves so that both its installation and its delivery and execution go unnoticed by the victim. The data that we must provide to the "server maker" is the IP or name from where we will control the victim and the listening port. And, finally, we specify the program to which our RAT will be added to go unnoticed that it will be a valid Android program.
• Non-IP tab. « no-IP » is a free DNS service. This service is used to have an "Internet" name associated with our IP. It is a free service.
• The «Build» tab is used to build a «server» only in the RAT without adding it to a program as in the case of the first tab.

We assume that we have downloaded the Androrat APK Binder program from one of the repositories in which it is hosted ("Google is your friend ;-)"). We proceed to decompress it and we will find several directories and files.