Dlrat

Malware updated 7 months ago (2024-05-04T18:18:46.918Z)
DLRAT is a potent malware, classified as a Remote Access Trojan (RAT), developed and deployed by the Lazarus group. It functions both as a trojan and a downloader, capable of introducing additional payloads into an infected system. The malware infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, DLRAT can cause significant damage, ranging from stealing personal information to disrupting operations, even potentially holding data hostage for ransom.

The operational sequence of DLRAT begins with executing hard-coded commands to collect preliminary system information. This includes details such as the operating system specifics, network MAC address, and other relevant data. This information is then transmitted back to the Command and Control (C2) server. The ability to gather this initial data allows the attackers to better understand the infected environment and plan subsequent actions accordingly.

In addition to its data collection capabilities, DLRAT also possesses RAT functionalities, which provide remote control over the compromised system. It further acts as a downloader for additional malware payloads, thus enhancing its disruptive potential. This multi-functionality makes DLRAT a significant threat to cybersecurity, necessitating robust protective measures against such sophisticated attacks.
Description last updated: 2024-05-04T17:35:34.342Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias: Ninerat
Description: Ninerat is a possible alias for Dlrat. NineRAT is a malicious software, or malware, that was first built in May 2022 and initially used in the Operation Blacksmith campaign against a South American agricultural organization in March. It is one of two Remote Access Trojans (RATs) utilized by Lazarus, a notorious Advanced Persistent Threat
Votes: 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Downloader