AllatoriJavaRAT

Java RAT protected with the Allatori Java Obfuscator. Main class: a.IIlIlllIII (l/I-mixing obfuscation). Makes Windows API calls through JNA (Java Native Access): Advapi32 (registry/token), Shell32 (shell execution), IPHlpAPI (network). It is not like the Adwind/jRAT/Jabber-Bot family. No cleartext C2.

Threat Profile
Type: RAT
Programming Language: Java
C2 Protocol: custom
First Seen: 2026
Targets: Global
Purpose / Capabilities
  • Remote Access/Data Theft
No C2 servers have been identified for this family yet.

Research Reports (1)

High

AllatoriJavaRAT 1d5bea0a -- Allatori-Obfuscated Java IIlIlllIIII JNA Advapi32 Shell32 IPHlpAPI Cfgmgr32 Windows-API Java-Native-Access | High

AllatoriJavaRAT 1d5bea0a JAR, 1.6 MB. Allatori obfuscation. Main: a.IIlIlllIIII. JNA (Java Native Access): Advapi32, Shell32, IPHlpAPI, Cfgmgr32. Adwind/jRAT-like Java RAT.
