ParadoxiaRat Native Windows Remote access Tool
ParadoxiaRat Native Windows Remote access Tool

ParadoxiaRat: Native Windows Remote access Tool

There are many different types of RATs, but those that run on Windows computers are common. paradoxiaRAT is one of them.

Windows Remote Access Trojans (RATs) are a class of malicious software typically installed on the victim’s computer through a variety of means, such as exploiting a vulnerability in an application or tricking the victim into clicking links in spam email messages. Once installed, the RAT gives the attacker the ability to control and monitor the infected computer remotely.

Features

Paradoxia Console

FeatureDescription
Easy to useParadoxia is extremely easy to use, So far the easiest rat!
Root Shell
Automatic Client buildBuild Paradoxia Client easily with or without the icon of your choice.
MultithreadedMultithreaded Console server, You can get multiple sessions.
Toast NotificationsDesktop notification on new session
Configurable SettingsConfigurable values in paradoxia.ini
Kill SessionsKill Sessions without getting in session.
View Session informationView Session information without getting in Session.

Paradoxia Client

"
"
FeatureDescription
StealthRuns in background.
Full File AccessFull access to the entire file system.
PersistenceInstalls inside APPDATA and has startup persistence via Registry key.
Upload / Download FilesUpload and download files.
ScreenshotTake screenshot.
Mic RecordingRecord Microphone.
Chrome Password RecoveryDump Chrome Passwords using Reflective DLL (Does not work on latest version) :shipit:
KeyloggerLog Keystrokes and save to file via Reflective DLL.
GeolocateGeolocate Paradoxia Client.
Process InfoGet Process information.
DLL InjectionReflective DLL Injection over Socket, Load your own Reflective DLL, OR use ones available here.
Power offPower off the Client system.
RebootReboot the client system.
MSVC + MINGW SupportVisual studio project is also included.
Reverse ShellStable Reverse Shell.
Small ClientMaximum size is 30kb without icon.

Installation (via APT)

git clone https://github.com/quantumcored/paradoxiaRAT
cd paradoxiaRAT
chmod +x install.sh
sudo ./install.sh

Example Usage

  • Run Paradoxia
sudo python3 paradoxia.py
  • Once in paradoxia Console, The first step would be to build the Client, Preferably with an Icon.
Setting ParadoxiaRat
Setting ParadoxiaRat
  • After that’s built, As you can see below it is detected by Windows Defender as a severe malware. Which is expected since it IS malware.
Detected by Windows Defender
Detected by Windows Defender
  • I’m going to transfer the client on a Windows 10 Virtual machine and execute it. After Executing it, It appears under Startup programs in task manager.
Startup from Task manager
Startup from Task manager
  • Also it has copied itself inside Appdata directory and installed under the name we specified during build.
Appdata directory
Appdata directory
  • First thing I’d do is get in the session and view information.
Session Opened
Session Opened
  • There are plenty of things we can do right now, but for example only, I will demonstrate keylogging.
Demo keylogging
Demo keylogging

You can see in the image above that It says it successfully injected dll, And in file listing there is a file named log.log, Which contains the logged keystrokes.

  • Lets view captured keystrokes.
Logged keystrokes
Logged keystrokes

Legal Notice

The Developer is not responsible for any misuse of Damage caused by the program. This is created only to innovate InfoSec and YOU.