TrollRAT


TrollRAT is an open-source remote administration tool developed by Leurak. It's designed to make the computer appear messed up while a scammer pretending to be a technician is connected to it remotely. For more info, check out the GitHub repository. You can also look up "trollrat" on YouTube for various demonstration videos.

Download TrollRAT (MD5 hash: 6314D3E08A23080248FFBB67EADD678D)

Please do not use it for malicious purposes.

TrollRAT only works on computers running Microsoft Windows XP or newer (Vista, 7, 8, 10).

How to set up TrollRAT:

  1. Extract the files from TrollRAT.zip (they should be TrollRAT.exe and a Plugins folder) wherever you want, but make sure they're in the same folder.
  2. Run the TrollRAT executable. If you get a User Account Control prompt, say yes.
  3. Nothing should show up; it runs in the background. To make sure it's running, open Task Manager and check the "Processes" section.
  4. On another device (computer, tablet, or smartphone) connected to the same network as the computer TrollRAT is running on, or on your host machine if you ran TrollRAT in a virtual machine, open a web browser and visit the local IP address of the computer TrollRAT is running on, on port 1337.
    • E.g.: if TrollRAT is running on a machine with the local IP address 192.168.0.2, type 192.168.0.2:1337 in your web browser.
  5. You're ready to have fun.

How to quit TrollRAT (stop it from running in the background):

End its process from Task Manager, or restart your computer.

If you don't know your machine's local IP address:

Open the Command Prompt, type ipconfig and press Enter. Note the "IPv4 address" (or "IPv6 address" if you use IPv6).

If you see many IP addresses and you're not sure which one is the right one, try all of them (excluding "subnet mask" and "gateway"). Scroll up and down in the Command Prompt window to make sure you have seen every address listed. Don't forget to add :1337 at the end.

If you're using a virtual machine and you're sure you've got the right IP address, but it still doesn't work, change your VM's networking settings from "NAT" to "Bridged". It's not always required, but it will fix this problem if you have it.

Warning: Switching the VM's networking to bridged will let the VM see other devices in your local network, as if the VM were connected to your router directly. If you have any servers or other shared devices in your local network (e.g. a NAS), make sure they're password protected or offline, and if the VM asks for a location of the network, choose "Public".

If no plugins/payloads show up:

  1. Quit TrollRAT.exe from Task Manager.
  2. Go to the folder where the TrollRAT files are.
  3. Right click on TrollRAT.exe, click Properties, then Unblock, then OK.
  4. Open the Plugins folder, then open the TrollRATPayloads folder inside it. For each file in that folder, right-click on it, click Properties, then Unblock, then OK.
    • (By default, there should be three files in the TrollRATPayloads folder. If there are fewer files than that, or if you don't see the Plugins and/or TrollRATPayloads folder(s) at all, you downloaded a corrupt or incomplete copy of the program.)
  5. Run TrollRAT again.
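
The MD5 check and the Unblock steps above can be scripted. The following PowerShell is an added example, not part of TrollRAT or of the original guide; it assumes PowerShell 4.0 or later, that the published MD5 refers to the downloaded TrollRAT.zip, and that the archive and extraction folder are at the hypothetical paths given as parameter defaults.

```powershell
# Added example (not from the TrollRAT project). Run after quitting TrollRAT.exe.
param(
    [string]$Archive    = '.\TrollRAT.zip',  # assumed download location
    [string]$InstallDir = '.\TrollRAT'       # assumed extraction folder
)

# Hash published on this page. Assumption: it is the hash of TrollRAT.zip.
# MD5 catches a corrupt or incomplete download; it is collision-broken,
# so a match is not proof of authenticity.
$ExpectedMd5 = '6314D3E08A23080248FFBB67EADD678D'

# 1. Integrity check on the downloaded archive.
$actual = (Get-FileHash -LiteralPath $Archive -Algorithm MD5).Hash
if ($actual -ne $ExpectedMd5) {
    Write-Error "MD5 mismatch: expected $ExpectedMd5, got $actual. Do not run this copy."
    exit 1
}
Write-Output "MD5 matches: $actual"

# 2. Completeness check: TrollRAT.exe plus Plugins\TrollRATPayloads.
$exe        = Join-Path $InstallDir 'TrollRAT.exe'
$payloadDir = Join-Path $InstallDir 'Plugins\TrollRATPayloads'
if (-not (Test-Path -LiteralPath $exe) -or -not (Test-Path -LiteralPath $payloadDir)) {
    Write-Error "TrollRAT.exe or Plugins\TrollRATPayloads is missing: corrupt or incomplete copy."
    exit 1
}
$payloads = @(Get-ChildItem -LiteralPath $payloadDir -File)
if ($payloads.Count -lt 3) {
    Write-Warning "Only $($payloads.Count) file(s) in TrollRATPayloads; the guide expects three by default."
}

# 3. "Blocked" files carry a Zone.Identifier alternate data stream
#    (Mark of the Web). Report each file and clear the mark where present.
$targets = @(Get-Item -LiteralPath $exe) + $payloads
foreach ($f in $targets) {
    $motw = Get-Item -LiteralPath $f.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if ($motw) {
        Unblock-File -LiteralPath $f.FullName
        Write-Output "Unblocked:   $($f.FullName)"
    } else {
        Write-Output "Not blocked: $($f.FullName)"
    }
}
```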

Guide written by TheComputerGuy96.