DCRat2
DCRat DarkCrystal RAT 2019 Russian underground. Plugin based modular. VBScript dropper. .Ru TLD C2. sostener LATAM targeting.
Threat Profile
Type: RAT
Programming Language: C#/.NET
C2 Protocol: TCP/HTTP
First Seen: 2020
Targets: Global
Purpose / Capabilities
- Remote Access+Keylogging
C2 Servers (1)
| Address | Port | Protocol | Status |
|---|---|---|---|
| geutqmonpmjthuux.ru | 443 | HTTP | INACTIVE |
⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.
Research Reports (2)
DCRat -- sostener1.vbs Spanish VBScript Dropper, geutqmonpmjthuux.Ru DGA C2 | High
DCRat 1MB sostener1.vbs Spanish VBScript dropper. geutqmonpmjthuux.Ru 15-character DGA-like C2. LATAM targeting.
DCRat -- sostener1.vbs Spanish VBS, 18-Char Random Variable Obfuscation, "power"+"shell" AV Bypass | High
DCRat 1MB sostener1.vbs Spanish dropper. 18-character random variable geutqmonpmjthuux WScript.Shell. power+shell string split.