KeyLogger from RAT. (Reuploaded)

Due for disapproved I’ve move remove some of information. Thanks

The malware is keylogger and is assembly that is good so I can use dnspy. The code is obfuscated easily and I can will deobfuscate for you.

Here is Information:
FileName: fontWinRuntimecrtNetrefruntimedll.exe
Source Code: -
Obfuscation → Rename namespaces, to random strings. Stil code is readable.
Obfuscator Name: .NET Reactor

Connections Made: (WHO.IS | VirusTotal)

VirusTotal → Click Here
WHO.IS (Domain) → Click Here
RAT Name → DcRAT (Proof: Screenshot by Lightshot) → Full Name: Dark Crystal RAT.
IP Contry: RUSSA (RU)
IP City: Moscow (Russia)

  • The IP ( has similar files whoose also are stubs from RATS.


New Information:

New IP: (VirusTotal).
A file called DCRATLoader were found in %local%. if need I will send alert message.

1 Like

DCRATLoader sounds like Dark Comet with the DC. Nice expose.

Their Website were down by FBI.
Thanks to everyone who helped about destroy these russian hackers.

Link →

1 Like