DCRat2

DCRat (DarkCrystal RAT), 2019, Russian underground. Plugin-based, modular. VBScript dropper. .ru TLD C2. sostener, LATAM targeting.

Threat Profile
Type: RAT
Programming Language: C#/.NET
C2 Protocol: TCP/HTTP
First Seen: 2020
Targets: Global
Purpose / Capabilities
  • Remote Access+Keylogging

C2 Servers (1)

Address               Port   Protocol   Status
geutqmonpmjthuux.ru   443    HTTP       INACTIVE

⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.

Research Reports (2)

High

DCRat -- sostener1.vbs Spanish VBScript Dropper, geutqmonpmjthuux.Ru DGA C2 | High

DCRat 1MB sostener1.vbs Spanish VBScript dropper. geutqmonpmjthuux.Ru 15-character DGA-like C2. LATAM targeting.

High

DCRat -- sostener1.vbs Spanish VBS, 18-Char Random Variable Obfuscation, "power"+"shell" AV Bypass | High

DCRat 1MB sostener1.vbs Spanish dropper. 18-character random variable geutqmonpmjthuux WScript.Shell. power+shell string split.
