General

Target: Extreme Injector v3.exe
Size: 2.0MB
Sample: 230311-x2t54ach2v
MD5: 58e6921f23f631f5ba9486189ea19a06
SHA1: 245a2dd0e0037898b84ad146b61da1095fbc5989
SHA256: 871f9d35b776f14bfb97f3368f9d3950e0e8df881c603efbf079fac291882943
SHA512: 81e4ff2dee540d52ab47f14b91dc8ba3e732f555b9245fbbe3bcac7157b221324803d602c0fb9f0d47000767e93e56c6ab7d18019c941e12f5e6c306665e480e
SSDEEP: 24576:73xl0K1j/WKI8tagtNfJwIibONpHKE3PXbetz7V+5dtLKEiJ7EzuwTcA6gnmuHoX:7v1j/W3SfXxZJKQzuyc+fH3hMz

Static task: static1

Behavioral task: behavioral1
Sample: Extreme Injector v3.exe
Resource: win7-20230220-en

Malware Config

Extracted
Family: asyncrat
Version: 1.0.7
Botnet: Default
Mutex: DcRatMutex_qwqdanchun
Attributes:
- delay: 10
- install: true
- install_file: csrss.exe
- install_folder: %AppData%
- pastebin_config: https://pastebin.com/raw/3Z9zi18j
Targets

Target: Extreme Injector v3.exe
Size: 2.0MB
- Async RAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2