Dtrack RAT is attributed to the Lazarus group, which is very active in malware development. The RAT targets Indian financial institutions and other research centers, using tools that were also used in the Seoul campaigns. Dtrack RAT also targets Indian banks; the group had already used the ATMDtrack malware against Indian banks. Kaspersky researchers discovered the Dtrack spy tool while they were analyzing ATMDtrack.
The Dtrack samples turned out to be dropped ones, because the real payloads were encrypted inside various droppers. Decrypting the final payload revealed several similarities with the DarkSeoul campaign, which led to this campaign being attributed to the Lazarus group.
What the research says:
The dropper has an encrypted payload embedded as an overlay of a PE file. The overlay data, once decrypted, contains an additional executable, process-hollowing shellcode, and a list of predefined executable names.
Its decryption routine has been observed to run between the start() and WinMain() functions. The malicious code is embedded in a binary that is otherwise an innocuous executable, for example a Visual Studio MFC project. Once the data is decrypted, the process-hollowing code starts; it takes the name of the process to be hollowed as an argument.
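As an added illustration (not code from the original article or from Kaspersky's research), the following Python checks a PE file for the trait described above, an encrypted payload appended as an overlay past the last section, by parsing the section table and scoring the overlay's entropy. The sample PE and its high-entropy filler are constructed here, and the size and entropy thresholds are assumed heuristics.

```python
import hashlib
import math
import struct

def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: near 8.0 for encrypted/compressed data, far lower for code or text."""
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = max(len(buf), 1)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def overlay_info(pe: bytes) -> dict:
    """Locate data appended past the last section (the PE overlay) and score it."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0] if pe[:2] == b"MZ" else -1
    if e_lfanew < 0 or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    num_sections, opt_size = struct.unpack_from("<H", pe, e_lfanew + 6)[0], struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    sec_table = e_lfanew + 24 + opt_size            # section headers follow the optional header
    end = 0
    for i in range(num_sections):                   # on-disk image ends at max(PointerToRawData + SizeOfRawData)
        raw_size, raw_ptr = struct.unpack_from("<II", pe, sec_table + i * 40 + 16)
        end = max(end, raw_ptr + raw_size)
    overlay = pe[end:]
    return {"offset": end, "size": len(overlay), "entropy": round(shannon_entropy(overlay), 2)}

def is_suspicious_overlay(pe: bytes, min_size: int = 1024, min_entropy: float = 7.0) -> bool:
    """Heuristic only (assumed thresholds): a large, high-entropy overlay warrants a closer look, not a verdict."""
    info = overlay_info(pe)
    return info["size"] >= min_size and info["entropy"] >= min_entropy

def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:  # deterministic stand-in for an encrypted blob
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]

def build_sample_pe(section_body: bytes, overlay: bytes) -> bytes:
    """Constructed minimal PE: DOS header, COFF header, one section, no optional header (not runnable)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)      # i386, 1 section, SizeOfOptionalHeader = 0
    raw_ptr = 0x200
    sec = b".text\0\0\0" + struct.pack("<IIII", len(section_body), 0x1000, len(section_body), raw_ptr) + b"\0" * 16
    header = dos + b"PE\0\0" + coff + sec
    return header + b"\0" * (raw_ptr - len(header)) + section_body + overlay

SAMPLE_PACKED = build_sample_pe(b"\x90" * 512, pseudo_random(4096))  # benign-looking code + encrypted-looking overlay
SAMPLE_CLEAN = build_sample_pe(b"\x90" * 512, b"")                    # same binary with nothing appended
```

Legitimate installers and signed binaries also carry overlays (certificates, archives), so treat a hit as a triage signal to be combined with other indicators.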
The droppers were found to contain several executables for spying purposes.
A few payload executables were found to be capable of key-logging, listing running processes, listing files on all disk volumes, harvesting details about available networks and active connections, and collecting host IP addresses.
Some executables pack the collected data into a password-protected archive and save it to disk. Other executables send the data directly to their command-and-control server.
The droppers also contained a RAT (Remote Access Trojan). A RAT allows criminals to execute various operations on the target machine, such as uploading, downloading, and executing files.
Here you can find the details of Dtrack and ATMDtrack:
Safeguarding against Dtrack RAT:
As the attackers are looking to take control of the network for spying through this campaign, security experts advise organizations to:
- Strengthen network and password policies
- Use traffic-monitoring software and antivirus solutions