DCRat Employs HTML Smuggling to Target Users in Recent Campaign
DCRat (aka Dark Crystal RAT) is a modular RAT that has been available since at least 2018. The malware's capabilities include executing shell commands, stealing credentials, and logging keystrokes from the infected system. It has historically been delivered via compromised websites, phishing, or dropped by other malicious files. Recently, DCRat was observed using HTML smuggling for the first time. This method allows the malware to attempt to bypass network defenses by embedding or retrieving payloads via obfuscated HTML files. The recent campaign was seen delivering a password-protected archive containing a self-extracting executable, which was packed with tools like .NET Reactor, ENIGMA, or VMProtect. Upon successful extraction, additional malicious payloads are automatically executed, allowing the attacker to evade detection.
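A triage heuristic for the delivery stage described above, added here as an example and not taken from the original report: it flags HTML that pairs client-side file-assembly JavaScript with an embedded archive signature. It assumes the archive is embedded as plain base64 (further obfuscation would need decoding first); all function names and sample pages are hypothetical and constructed.

```python
import base64
import re

# Browser APIs typically combined to build a file client-side and save it.
JS_INDICATORS = ("atob(", "new Blob(", "createObjectURL(", "msSaveOrOpenBlob(", ".download")

# Leading signatures of common archive formats. The signature stays in
# cleartext even when the archive itself is password-protected.
ARCHIVE_MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar", b"7z\xbc\xaf\x27\x1c": "7z"}

# Long runs of base64 alphabet characters (assumption: payload is plain base64).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{64,}")


def embedded_archives(html: str) -> list:
    """Return the archive types whose signature starts an embedded base64 run."""
    found = []
    for run in B64_RUN.findall(html):
        head = base64.b64decode(run[:64])  # 64 chars -> 48 bytes, enough for the header
        found += [kind for magic, kind in ARCHIVE_MAGIC.items() if head.startswith(magic)]
    return found


def triage(html: str) -> dict:
    """Flag pages that pair file-assembly JavaScript with an embedded archive."""
    hits = [tok for tok in JS_INDICATORS if tok in html]
    archives = embedded_archives(html)
    return {"indicators": hits, "archives": archives,
            "suspicious": bool(archives) and len(hits) >= 2}


def sample_page(payload: bytes) -> str:
    """Build a constructed test page embedding `payload` as base64 (hypothetical markup)."""
    b64 = base64.b64encode(payload).decode()
    return ("<script>var d=atob('" + b64 + "');var b=new Blob([d]);"
            "var a=document.createElement('a');a.href=URL.createObjectURL(b);"
            "a.download='file';</script>")


# Constructed inputs: file signatures followed by zero bytes, no real payloads.
ARCHIVE_PAGE = sample_page(b"PK\x03\x04" + bytes(60))
IMAGE_PAGE = sample_page(b"\x89PNG\r\n\x1a\n" + bytes(56))
PLAIN_PAGE = "<html><body><p>Quarterly report</p></body></html>"

if __name__ == "__main__":
    for name in ("ARCHIVE_PAGE", "IMAGE_PAGE", "PLAIN_PAGE"):
        print(name, triage(globals()[name]))
```

Requiring both signals keeps pages that only build an image or text blob in the browser from being flagged.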