DcRat v1.0.7
![[Image: DcRat-1.0.7.webp]](https://www.blackhatfrench.com/image/DcRat-1.0.7.webp)
DcRat is a remote access Trojan (RAT) primarily identified in association with the RedFoxtrot threat group. DcRat is designed to allow attackers to remotely take control of infected systems and is typically used for data theft, surveillance, and the deployment of additional malware. The malware infrastructure has targeted critical industries, including telecommunications and finance. Certificates associated with DcRat often include the distinguished name "DcRat Server" from an entity named "qwqdanchun," indicating a consistent source of malware distribution. RedFoxtrot uses multiple methods and tools with DcRat, including Cobalt Strike and AsyncRAT, for infiltration and command-and-control activities. Initial access methods typically involve social engineering tactics or exploiting vulnerabilities to compromise target systems.

Features

- TCP connection with certificate verification, stable and secure.
- Server IP port archived via a link.
- Multi-server and multi-port support.
- DLL-based plugin system, offering great scalability.
- Ultra-compact client size (approximately 40-50 KB).
- Data transformation with msgpack (better than JSON and other formats).
- Logging system records all events.

Features:

- Remote execution
- Remote desktop
- Remote camera
- Registry editor
- File management
- Process management
- Netstat
- Remote logging
- Process notification
- File upload
- File injection
- Download and execution
- Send notification
- Chat
- Open website
- Change wallpaper
- Keylogger
- File search
- DDoS
- Ransomware
- Disable Windows Defender
- Disable UAC
- Password recovery
- Open CD
- Screen lock
- Client shutdown/restart/upgrade/uninstall
- System shutdown/restart/logoff
- UAC bypass
- Computer information
- Thumbnails
- Auto Task
- Mutex
- Process protection
- Block client
- Install with schtasks
- etc.

Support

The following systems (32 and 64 bit) are supported:

- Windows XP SP3
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2012
- Windows 8/8.1
- Windows 10

TODO

- Password recovery and other stealers (only Chrome and Edge are currently supported)
- Reverse proxy
- Hidden VNC
- Hidden RDP
- Hidden browser
- Client map
- Real-time microphone
- Fun features
- Information gathering (possibly with UI)
- Unicode support in remote shell
- Folder upload support

Multiple client installation methods are available.
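
A defender-side check for the certificate strings mentioned in the description above, as an added example that is not part of the original post: it parses subject and issuer distinguished names from collected TLS certificate metadata and flags any attribute containing "DcRat Server" or "qwqdanchun". The record layout (`id`, `subject`, `issuer`), the function names and the sample records are constructed assumptions; the page does not say which DN attribute carries each string, so every attribute is checked.

```python
import re

# Strings the page ties to DcRat server certificates; compared case-insensitively.
INDICATORS = ("dcrat server", "qwqdanchun")

def parse_dn(dn):
    """Split an RFC 4514-style DN into (ATTR, value) pairs, honouring '\\,' escapes."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        if "=" not in rdn:
            continue  # skip malformed components instead of failing the whole record
        attr, value = rdn.split("=", 1)
        value = re.sub(r"\\(.)", r"\1", value.strip())  # drop escape backslashes
        pairs.append((attr.strip().upper(), value))
    return pairs

def match_cert(record):
    """Return 'field.ATTR:indicator' hits for one certificate record."""
    hits = []
    for field in ("subject", "issuer"):
        for attr, value in parse_dn(record.get(field, "")):
            norm = " ".join(value.lower().split())  # fold case and repeated spaces
            for ind in INDICATORS:
                if ind in norm:
                    hits.append(f"{field}.{attr}:{ind}")
    return hits

def triage(records):
    """Map record id -> hits, only for records that matched an indicator."""
    flagged = {}
    for rec in records:
        hits = match_cert(rec)
        if hits:
            flagged[rec["id"]] = hits
    return flagged

# Constructed sample records (not real telemetry); attribute placement is assumed.
SAMPLE = [
    {"id": "conn-1", "subject": "CN=DcRat Server, O=qwqdanchun",
     "issuer": "CN=DcRat Server, O=qwqdanchun"},
    {"id": "conn-2", "subject": r"CN=www.example.com,O=Example\, Inc.,C=US",
     "issuer": "CN=Example CA,C=US"},
    {"id": "conn-3", "subject": "cn=DCRAT SERVER", "issuer": "CN=Example CA,C=US"},
]

if __name__ == "__main__":
    for rec_id, hits in triage(SAMPLE).items():
        print(rec_id, hits)
```

These strings are builder defaults that an operator can change, so a match is a strong signal but the absence of one proves nothing.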