DcRat

DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Dcrat family

Process spawned unexpected child process

This typically indicates the parent process was compromised via an exploit or macro.

DCRat payload

Detects payload of DCRat, commonly dropped by NSIS installers.

Command and Scripting Interpreter: PowerShell

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.