Dcrat

Malware updated 2 months ago (2024-10-03T23:01:57.642Z)

Download STIX

Preview STIX

DcRAT is a malicious software (malware) known as a Remote Access Trojan (RAT), which has been utilized in a widespread campaign to exploit computer systems. The malware infiltrates systems through deceptive methods, including downloads from fake Google Meet and OnlyFans sites. When a user interacts with these fraudulent sites, such as clicking on a Windows button, it triggers the download of a BAT file that subsequently downloads the DcRAT payload. Throughout 2023, this downloader was observed delivering various other threats, including njRAT, DarkComet, AgentTesla, and more. Notably, DcRAT and similar malware have the potential to compromise critical infrastructure systems, such as power grids and oil pipelines, posing significant security risks. The deployment of DcRAT has notably shifted towards targeting Russian-speaking users via HTML smuggling. This technique involves delivering malicious code to the user's browser under the guise of legitimate content, thereby bypassing traditional network security measures. Furthermore, the malware has been distributed in conjunction with other RATs, such as Apocalypse ClipBanker and RADXRat. A quick method to identify DcRAT is by examining the PBKDF2 salt value using appropriate tools. In December 2023, Zscaler’s ThreatLabz uncovered a campaign involving spoofed Google Meet, Zoom, and Skype websites used to facilitate the deployment of various remote access trojans. Windows systems impacted by these attacks were compromised with the NjRAT and DCRat trojans, while SpyNote RAT was distributed to targeted Android devices. These RATs can steal confidential information, log keystrokes, and potentially control infected systems. Therefore, users are urged to exercise caution when downloading files or interacting with suspicious websites.

Description last updated: 2024-10-03T22:17:25.731Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
njRAT is a possible alias for Dcrat. NjRAT is a remote-access Trojan (RAT) that has been in use since 2013, often deployed in both criminal and targeted attacks. This malware can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, NjRAT can steal personal information, d	4
Agenttesla is a possible alias for Dcrat. AgentTesla is a well-known Remote Access Trojan (RAT) and infostealer malware that has been used in numerous cyber-attacks. It is often delivered through malicious emails or downloads, and once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for rans	2
DarkComet is a possible alias for Dcrat. DarkComet is a Remote Access Trojan (RAT) that opens a backdoor on infected computers, allowing unauthorized access and data theft. This malware has been classified among the top five Command and Control (C2) families, indicating its widespread usage by cybercriminals. DarkComet, along with other es	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Rat

Windows

Android

Payload

Skype

Malware

Github

Trojan

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Spynote Malware is associated with Dcrat. SpyNote is a malicious software (malware) designed to exploit and damage computer systems, often infecting devices through suspicious downloads, emails, or websites. A newer variant of SpyNote has been observed using the Accessibility API to target well-known cryptocurrency wallets. The malware is d	Unspecified	3

Source Document References

Information about the Dcrat Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
DARKReading	2 months ago	Ukraine-Russia Cyber Battles Have Real-World Impact
DARKReading	6 months ago	AI Voice Generator App Used to Drop Gipy Malware
CERT-EU	8 months ago	Online meeting app lures leveraged for RAT delivery
InfoSecurity-magazine	8 months ago	RATs Spread Via Fake Skype, Zoom, Google Meet Sites
CERT-EU	8 months ago	Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware – GIXtools
DARKReading	9 months ago	Spoofed Zoom, Google & Skype Meetings Spread Corporate RATs
InfoSecurity-magazine	9 months ago	Skype, Google Meet, and Zoom Used in New Trojan Scam Campaign
CERT-EU	9 months ago	Android and Windows RATs Distributed Via Online Meeting Lures \| Zscaler
CERT-EU	9 months ago	Android and Windows RATs Distributed Via Online Meeting Lures \| Zscaler
CERT-EU	9 months ago	Weekly Cyber Security News Letter & Threats Roundup -March 24 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	9 months ago	Hackers Selling DCRat Malware Subscriptions For $5 on Telegram
CERT-EU	a year ago	SapphireStealer: Open-source information stealer enables credential and data theft
CERT-EU	a year ago	Extensive targeting exhibited by novel Mystic Stealer malware
CERT-EU	a year ago	Hackers Hiding DcRAT Malware in Fake OnlyFans Content
Securityaffairs	a year ago	Talos wars of customizations of the open-source info stealer SapphireStealer
CERT-EU	a year ago	Hackers Hiding DcRAT Malware in Fake OnlyFans Content \| IT Security News
CERT-EU	a year ago	OnlyDcRatFans: Malware Distributed Using Explicit Lures of OnlyFans…