General

  • Target

    backgroundTaskHost.exe

  • Size

    1.2MB

  • Sample

    250519-tk74va1lt6

  • MD5

    ff6db5e031214ec6f6e0f3d13bcd8b15

  • SHA1

    78a8f241fa16598154459ee6e741721c29f1b834

  • SHA256

    de295d8ca59adb73a6e581f2743e6f80314fa4941cae55c6520272a542ec07c3

  • SHA512

    518abcd15a905641d89c1872f322361fb187c13ee1c351cab585a45a9f3a00bf9efb22f0796a700b6445bb0e7f916b33ba8b0ee03796e56ee03b7401485501db

  • SSDEEP

    24576:iy0Z29khrphYIHTLMt4gjCs5d15rMfMHuVBxE/hEHNH:iq9UYeMtpus5vhKKhs

Score
10/10

Malware Config

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.

    • Dcrat family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v16

Tasks
