Fraggle Rock is a RAT tool family. Many variants (Fraggle Rock 1.2, Fraggle Rock 1.43 Lite, Fraggle Rock 1.44 Lite, Fraggle Rock 1.50 Lite, Fraggle Rock 1.55 Lite, Fraggle Rock 1.56 Lite, Fraggle Rock 2.0, Fraggle Rock 2.00 Lite) appeared in the internet from February 2001 to June 2001. The origination place is England. It was designed as an ICO attack tool. This RAT has the ability to cause a DoS attack by continuous fast pinging. Some versions also may have the “keylogger” ability. The author is a hacker called Gobo.
From the publisher:
“FR Lite Version 1.55
London – UK
Currently Detected by .:NO:. Anti-Viral or Anti-Trojan products.
Unpacked Server = 88KK (9,112 bytes)
Features Include : CD Control Windows Control Keyboard Control Retrieve Passwords Keylogger Forced Chat Matrix Style Chat Hide-show Start button, Desktop Icons, Taskbar Icons, System Clock. Mouse Control Printer Control Set Clipboard Send To Web Site Message Box ICQ Online (IP) Notification File Explorer (View, Execute, Delete …) Uploader AOL Instant Messanger Control About System (Local Time, Machine Name …..) Launch DoS from Server and More
Server Editor Options (Fully configuarable) :
Set Data Port Set Start Up Key Set ICQ Notification Number Set DoS Target Set Upload Port Set Password Increase Server Size Pack Server Scramble Server (Server cannot be UNpacked using -d switch in UPX) Encode Server into VBS Script and Restore server.
FR Lite 2.0 Final Release
Release Date : – 04/12/01
Author : – Gobo
Known Bugs : – None
Detected by : – N/A
Server has the option to become a worm spreading through Outlook to all contacts in the Windows Address Book (WAB)
Server rewrites its registry key every 10 seconds
Server has auto restore function (9*/ME only)
Packed server is roughly 35K
3 Notification options – ICQ (new/working) – Email – CGI
Basic Features Rundown
Chat / Keylog (Chat With Victim) -Chat : Create an chat session with the victim, server side cannot close. -Matrix : Create a black screen with green terminal text, ala Matrix (Knock knock Neo …)
(KeySpy) -Real Time : Gey the key logs as they happen -Offline : Get all the the keylogs, weither you’ve been connected or not !
(Message Box) -Send : Send a message box to the server.
Get Info (cpu info) Get information on the server, including os version and product key, clipboard contents and more (passwords) Get cached / RAS passwords. Only works on 9* / ME servers.
File Manager -Drives : List all avaliable drives -Run : Execute a file, must have an executable extension. -View : View text files -Play : Play WAV files. -Delete : Duhhh ! -Upload : Upload file to victims C: drive.
Fun -CD Player : Open, close, stop, start. -Hide/Show : taskbar, clock, icons, Start button -Keyboard : Caps, nums and scroll lock and knightrider lights. -Windows : Shutdown, Restart -Mouse : Move mouse -Set Clipboard : Sets clipboards’ text. -Send to URL : Send victim to a website. (AIM) -Send Message : Send mesage “apparently from” -Join chat : Make their AIM join a chat room -Send to chat : Send text to chat room -Passwords : Get AIM usernames and passwords
To REMOVE the server type “remove” (without the quotes) in the Server IP box. You will then be asked if you wish to remove the server. Hitting [Yes] at this point will remove the servers startup key from the registry and kill the currently running server.
Fraggle Rock manual removal: