AllatoriJavaRAT
Java RAT protected with Allatori Java Obfuscator. Main class a.IIlIlllIII (l/I mixing obfuske). Makes Windows API calls using JNA (Java Native Access): Advapi32 (registry/token), Shell32 (shell execution), IPHlpAPI (network). It's not like the Adwind/jRAT/Jabber-Bot family. No Cleartext C2.
Threat Profile
Type
RAT
Programming LanguageJava
C2 Protocolcustom
First Seen2026
Targets
Kuresel
Purpose / Capabilities
- Remote Access/Data Theft
No C2 servers have been identified for this family yet.
Research Reports (1)
AllatoriJavaRAT 1d5bea0a -- Allatori-Obfuscated Java IIlIlllIIII JNA Advapi32 Shell32 IPHlpAPI Cfgmgr32 Windows-API Java-Native-Access | Yuksek
AllatoriJavaRAT 1d5bea0a JAR 1.6MB. Allatori obfusikasyon. Main: a.IIlIlllIIII. JNA (Java Native Access): Advapi32, Shell32, IPHlpAPI, Cfgmgr32. Adwind/jRAT benzeri Java RAT.
Read Report →