Indian Financial Institutions are Attacked by Dtrack RAT


Dtrack RAT is attributed to the Lazarus group, which remains very active in malware development. The RAT is targeting Indian financial institutions and research centres, using tooling that was also seen in the Seoul campaigns. Dtrack RAT also targets Indian banks, where the group had been using ATMDtrack malware. Kaspersky researchers discovered the Dtrack spy tool while they were analysing ATMDtrack.

The Dtrack samples were found to be dropped payloads, because the real payloads were encrypted inside various droppers. On decrypting the final payload, several similarities with the DarkSeoul campaign emerged, which led to the campaign being associated with the Lazarus group.

What the research says:

The dropper carries an encrypted payload embedded as an overlay of a PE file. The overlay data, once decrypted, contains an additional executable, process-hollowing shellcode, and a list of predefined executable names.

Its decryption routine has been observed to start between the start() and WinMain() functions. The malicious code is embedded into a binary that is otherwise an innocuous executable, for example a Visual Studio MFC project. Once the data is decrypted, the process-hollowing code begins; it takes the name of the process to be hollowed as an argument.
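A defender-side triage check that follows from this description, added here as an example rather than code from the original post or from Kaspersky's research: it parses the PE section table to locate any data appended past the last section (the overlay) and measures its entropy, which is how an encrypted payload hidden in an otherwise benign MFC executable tends to show up. The PE-shaped input is constructed inline and is not a real program, and the size and entropy thresholds are assumptions for illustration.

```python
import math
import struct
from collections import Counter, namedtuple

# offset: where the last section's raw data ends; size/entropy describe the tail
OverlayInfo = namedtuple("OverlayInfo", "offset size entropy")

def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, up to 8.0 for uniform random data."""
    n = len(buf)
    counts = Counter(buf).values()
    return -sum(c / n * math.log2(c / n) for c in counts)

def find_overlay(data: bytes):
    """Return OverlayInfo for bytes appended after the last PE section, else None."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    hdr = struct.unpack_from("<HHIIIHH", data, coff)      # IMAGE_FILE_HEADER
    num_sections, opt_size = hdr[1], hdr[5]
    sect = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    end = sect + 40 * num_sections                       # headers occupy the file too
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    if end >= len(data):
        return None
    return OverlayInfo(end, len(data) - end, shannon_entropy(data[end:]))

def suspicious_overlay(info, min_size=4096, min_entropy=7.0) -> bool:
    # Large and near-random suggests an encrypted blob. Signed binaries and
    # self-extracting installers carry overlays too, so treat this as a triage hint.
    return info is not None and info.size >= min_size and info.entropy >= min_entropy

def build_sample(overlay: bytes) -> bytes:
    # Constructed input: a PE-shaped blob with one .text section; not a runnable program.
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    opt = b"\0" * 0xE0                                           # zeroed PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x102)
    raw_ptr, raw_size = 0x200, 0x200
    section = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", 0x1000, 0x1000, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + section
    return headers.ljust(raw_ptr, b"\0") + b"\x90" * raw_size + overlay
```

Running `find_overlay` over a real sample and then `suspicious_overlay` on the result gives a quick first-pass signal before the file goes to a sandbox or a full unpacking effort.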

About the droppers:

The droppers were found to contain several executables built for spying.

A few of the payload executables were found to be capable of key-logging, listing running processes, listing files on all disk volumes, harvesting details about available networks and active connections, and collecting host IP addresses.

Some executables pack the collected data into a password-protected file and save it to disk. Other executables send the data directly to their command-and-control server.

The droppers also contained a RAT (Remote Access Trojan). The RAT allows the criminals to carry out various operations on the target machine, such as uploading, downloading and executing files.

Here you can find the details of Dtrack and ATMDtrack: 

Safeguarding against Dtrack RAT:

As the attackers are looking to gain control of the network for spying through this campaign, security specialists recommend that organisations

  • Update network and password policies
  • Use traffic-monitoring software and antivirus solutions



Syed Jawad Kazmi