Trojan:Win32/DCRat.MQ!MTB - Windows Defender Threat Analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:Win32/DCRat.MQ!MTB
Classification:
Type: Trojan
Platform: Win32
Family: DCRat
Detection Type: Concrete (known malware family with identified signatures)
Variant: MQ (specific signature variant within the malware family)
Suffix: !MTB (detected via machine learning and behavioral analysis)
Detection Method: Behavioral
Confidence: Very High
False-Positive Risk: Low

Concrete signature match: a Trojan (software that appears legitimate but performs malicious actions) targeting the 32-bit Windows platform, family DCRat.

Summary:

This is a concrete detection of Trojan:Win32/DCRat.MQ!MTB, a variant of the DarkCrystal Remote Access Trojan (RAT). DCRat is a highly malicious tool that allows attackers to gain remote control over infected systems. It facilitates data theft, execution of arbitrary commands, and deployment of further malicious payloads, posing a significant threat to system integrity and data confidentiality.

Severity:
Critical
VDM Static Detection:
No specific strings found for this threat
YARA Rule:
rule Trojan_Win32_DCRat_MQ_2147907303_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Win32/DCRat.MQ!MTB"
        threat_id = "2147907303"
        type = "Trojan"
        platform = "Win32: Windows 32-bit platform"
        family = "DCRat"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_PEHSTR_EXT"
        threshold = "11"
        strings_accuracy = "High"
    strings:
        $x_5_1 = {74 0f b0 01 eb 30 85 ff 74 03 c6 07 01 32 c0 eb 25}  //weight: 5, accuracy: High
        $x_5_2 = ".vbe" ascii //weight: 5
        $x_1_3 = "DarkCrystal RAT" wide //weight: 1
        $x_1_4 = "DCrat" wide //weight: 1
    condition:
        (filesize < 20MB) and
        (
            ((2 of ($x_5_*) and 1 of ($x_1_*))) or
            (all of ($x*))
        )
}
Known malware sample (SHA-256) associated with this threat:
4f0f3951ba8bd012f30d3a7fe30b0ab88bbbf74c6ec47766608f683e5e7532ed
09/01/2026
Remediation Steps:
Immediately isolate the infected system from the network. Conduct a full system scan with updated antivirus, remove all detected malicious files, and diligently investigate for persistence mechanisms. Reset any potentially compromised credentials and ensure all system security patches are applied.
=== END REPORT ===
Analysis last updated: 09/01/2026