100 Days of YARA – Day 21: DCRat

On By DanielIn 100 days of Yara

DCRat is a public C2 software, written in C#. This tool is often modified and abused by attackers.

This rule uses the dotnet YARA module and could definitely be improved upon:

import "dotnet"

rule DCRat
{
	meta:
		author = "Daniel Roberson"
		reference = "https://github.com/qwqdanchun/DcRat"
		description = "Detect DcRat"
		hash = "c73b1ffa39c5843b2ed951ac48350d1deb33db4057341f1dab1ee64ea1a62248"

	condition:
		dotnet.assembly.name == "DcRat"
}

YARA Rules Index

One thought on “100 Days of YARA – Day 21: DCRat

  1. Pingback: Week 03 – 2022 – This Week In 4n6

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s