Dlrat

Malware updated 23 days ago (2024-11-29T14:09:17.476Z)
Download STIX
Preview STIX
DLRAT is a potent malware, classified as a Remote Access Trojan (RAT), developed and deployed by the Lazarus group. It functions both as a trojan and a downloader, capable of introducing additional payloads into an infected system. The malware infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, DLRAT can cause significant damage, ranging from stealing personal information to disrupting operations, even potentially holding data hostage for ransom. The operational sequence of DLRAT begins with executing hard-coded commands to collect preliminary system information. This includes details such as the operating system specifics, network MAC address, and other relevant data. This information is then transmitted back to the Command and Control (C2) server. The ability to gather this initial data allows the attackers to better understand the infected environment and plan subsequent actions accordingly. In addition to its data collection capabilities, DLRAT also possesses RAT functionalities, which provide remote control over the compromised system. It further acts as a downloader for additional malware payloads, thus enhancing its disruptive potential. This multi-functionality makes DLRAT a significant threat to cybersecurity, necessitating robust protective measures against such sophisticated attacks.
Description last updated: 2024-05-04T17:35:34.342Z
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Ninerat is a possible alias for Dlrat. NineRAT is a malicious software, or malware, that was first built in May 2022 and initially used in the Operation Blacksmith campaign against a South American agricultural organization in March. It is one of two Remote Access Trojans (RATs) utilized by Lazarus, a notorious Advanced Persistent Threat
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Downloader
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Dlrat Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more