Dlrat

Malware Profile Updated 25 days ago
DLRAT is a potent malware, classified as a Remote Access Trojan (RAT), developed and deployed by the Lazarus group. It functions both as a trojan and a downloader, capable of introducing additional payloads into an infected system. The malware infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, DLRAT can cause significant damage, ranging from stealing personal information to disrupting operations, even potentially holding data hostage for ransom.

The operational sequence of DLRAT begins with executing hard-coded commands to collect preliminary system information. This includes details such as the operating system specifics, network MAC address, and other relevant data. This information is then transmitted back to the Command and Control (C2) server. The ability to gather this initial data allows the attackers to better understand the infected environment and plan subsequent actions accordingly.

In addition to its data collection capabilities, DLRAT also possesses RAT functionalities, which provide remote control over the compromised system. It further acts as a downloader for additional malware payloads, thus enhancing its disruptive potential. This multi-functionality makes DLRAT a significant threat to cybersecurity, necessitating robust protective measures against such sophisticated attacks.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Ninerat | 2 | NineRAT is a malware strain developed by the Lazarus group, and it was first used in Operation Blacksmith in March 2022 against a South American agricultural organization. The malware was initially built around May 2022 and was later observed being utilized in September against a European manufactur
Source Document References
Information about the Dlrat Malware was read from the documents corpus below.
Source | Created At | Title
CERT-EU | 6 months ago | Lazarus hackers drop new RAT malware using 2-year-old Log4j bug
CERT-EU | 6 months ago | Lazarus Group bang on trend with memory-safe Dlang malware
CERT-EU | 5 months ago | Breaking Cyber News From Cyberint - Cyberint
Securityaffairs | 6 months ago | Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware