Sorillus RAT

Sorillus RAT is a sophisticated Java-based remote access trojan (RAT) marketed as malware‑as‑a‑service. It targets Windows, macOS, and Linux systems, enabling attackers to remotely control infected devices, steal credentials, capture webcam/mic, record keystrokes, and exfiltrate data—all while remaining stealthy.

---

Threat Overview

Category	Details
Threat type	Trojan, spyware, info‑stealer, remote access malware
Detection names	AliCloud (Trojan:Java/Ratty.AL), ESET‑NOD32 (A Variant Of Java/Ratty.AI), Kaspersky (HEUR:Backdoor.Java.Adwind.gen), Tencent (Java.Backdoor.Adwind.Kajl), Combo Cleaner (Trojan.GenericKD.76311104)
Symptoms of infection	Silent operation—no visible pop-ups, but system may run slower or network traffic to unknown servers
Damage & distribution	Steals hardware info, cryptic details, screenshots, webcam footage, clipboard, keystrokes; delivered via fake‑invoice emails with JAR payload, cracked software, redirections
Danger level	High — full system compromise and data exfiltration
Removal tool	SpyHunter – Download here

---

In‑Depth Threat Profile

How I got infected
Victims typically receive a fake-invoice email containing a PDF or ZIP file. The PDF redirects to a OneDrive page, then to a malicious site that downloads a disguised JAR file. Opening the JAR executes the RAT—Java must be present on the system.

What it does

• Data collection: hardware ID, OS details, country, language, installed apps
• Surveillance: screenshots, webcam/microphone capture, keystroke logging
• System control: file/process management, HTTP file transfers, zipping and exfiltrating data, self‑uninstall/reboot
• Persistence & C2 communication: copies itself to AppData/Roaming or UNIX equivalent, adds autostart entry (registry on Windows), modifies permissions, then contacts its command and control server on TCP port 1122

Should you be worried?
Absolutely. Sorillus RAT grants attackers complete access to your machine and all data—passwords, personal files, banking information. It can also serve as a gateway for additional malware or botnets.

---

Version & Service Notes

• Believed to be first released in early 2022 with updates continuing into mid‑2022
• Sold via Sorillus[.]com and YouTube channel “Tapt” for €59.99 (full) or €19.99 (discounted)
• Infrastructure dismantled in 2025 as part of Operation Talent

---

Why Sorillus RAT Is Dangerous

With cross-platform capability, powerful surveillance tools, stealth, and flexible delivery, this RAT poses significant threats to privacy and security. Cybercriminals use it to mine credentials, spy on users, hijack devices, extort victims, or recruit machines into botnets.

Manual Trojan Malware Removal Guide

Step 1: Boot into Safe Mode

1. Restart your computer.
2. Before Windows starts, press the F8 key (or Shift + F8 on some systems).
3. Select Safe Mode with Networking from the Advanced Boot Options menu.
4. Press Enter to boot.

This prevents the Trojan from running and makes it easier to remove.

---

Step 2: Identify and Stop Malicious Processes

1. Press Ctrl + Shift + Esc to open Task Manager.
2. Go to the Processes tab (or Details in Windows 10/11).
3. Look for suspicious processes using high CPU or memory, or with unfamiliar names.
4. Right-click on the suspicious process and select Open File Location.
5. If the file is in a temporary or system folder and looks unfamiliar, it is likely malicious.
6. Right-click the process and choose End Task.
7. Delete the associated file in File Explorer.

---

Step 3: Remove Trojan-Related Files and Folders

1. Press Win + R, type %temp%, and press Enter.
2. Delete all files in the Temp folder.
3. Also check these directories for unfamiliar or recently created files:
   • C:\Users\YourUser\AppData\Local\Temp
   • C:\Windows\Temp
   • C:\Program Files (x86)
   • C:\ProgramData
   • C:\Users\YourUser\AppData\Roaming
4. Delete suspicious files or folders.

---

Step 4: Clean Trojan Malware from Registry

1. Press Win + R, type regedit, and press Enter.
2. Navigate to the following paths:
   • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3. Look for entries launching files from suspicious locations.
4. Right-click and delete any entries you don’t recognize.

Warning: Editing the registry can harm your system if done improperly. Proceed with caution.

---

Step 5: Reset Browser Settings

Google Chrome

1. Go to Settings > Reset Settings.
2. Click Restore settings to their original defaults and confirm.

Mozilla Firefox

1. Go to Help > More Troubleshooting Information.
2. Click Refresh Firefox.

Microsoft Edge

1. Go to Settings > Reset settings.
2. Click Restore settings to their default values.

---

Step 6: Run a Full Windows Defender Scan

1. Open Windows Security via Settings > Update & Security.
2. Click Virus & threat protection.
3. Choose Scan options, select Full scan, and click Scan now.

---

Step 7: Update Windows and Installed Software

1. Press Win + I, go to Update & Security > Windows Update.
2. Click Check for updates and install all available updates.

---

Automatic Trojan Removal Using SpyHunter

If manually removing the Trojan seems difficult or time-consuming, using SpyHunter is the recommended method. SpyHunter is an advanced anti-malware tool that detects and eliminates Trojan infections effectively.

Step 1: Download SpyHunter

Use the following official link to download SpyHunter: Download SpyHunter

For full instructions on how to install, follow this page: Official SpyHunter Download Instructions

---

Step 2: Install SpyHunter

1. Locate the SpyHunter-Installer.exe file in your Downloads folder.
2. Double-click the installer to begin setup.
3. Follow the on-screen prompts to complete the installation.

---

Step 3: Scan Your System

1. Open SpyHunter.
2. Click Start Scan Now.
3. Let the program detect all threats, including Trojan components.

---

Step 4: Remove Detected Malware

1. After the scan, click Fix Threats.
2. SpyHunter will automatically quarantine and remove all identified malicious components.

---

Step 5: Restart Your Computer

Restart your system to ensure all changes take effect and the threat is completely removed.

---

Tips to Prevent Future Trojan Infections

• Avoid downloading pirated software or opening unknown email attachments.
• Only visit trusted websites and avoid clicking on suspicious ads or pop-ups.
• Use a real-time antivirus solution like SpyHunter for ongoing protection.
• Keep your operating system, browsers, and software up to date.

---

Conclusion

Sorillus RAT is a high‑end Java-based malware that threatens all major desktop platforms. If you suspect infection, disconnect immediately, run a full scan with SpyHunter, and clean any suspicious JAR files or startup entries. Even after removal, change passwords and monitor for unusual activity.