General
- Target: Extreme Injector v3.exe
- Size: 2.0MB
- Sample: 230311-x6vx7ach3y
- MD5: 3aa2f97fb1bf3a7ad735fb8b4a466053
- SHA1: 645598f9f42eb5ed9354ff5edcf0ceb44d050800
- SHA256: 67c81ddaff793ebb616e7b31476cbd873d8c707ab1211e1e0d290ee90908d68b
- SHA512: 7dfbdc4ffe43dda82f5d43249971616567a10bcf4b28d60a8a8c316a77545f75fb67462d41d4335555532021ebc10945a3b36347e9bf87a1d9771e2e21e1bd55
- SSDEEP: 24576:CZ1pCmQXDQHjao2Ek2+Ph9zlX9fADMFR93hOLBgZ0GvzED0eKElGE63J+h0f0IE0:apC3/LPh9zlXaDQZzzEQEU+r/DI5as
Static task: static1
Behavioral task: behavioral1
- Sample: Extreme Injector v3.exe
- Resource: win7-20230220-en
Malware Config
Extracted
- Family: asyncrat
- Version: 1.0.7
- Botnet: Default
- Mutex: DcRatMutex_qwqdanchun
- delay: 10
- install: true
- install_file: csrss.exe
- install_folder: %AppData%
- pastebin_config: https://pastebin.com/raw/3Z9zi18j
Targets
- Target: Extreme Injector v3.exe
- Size: 2.0MB
- MD5: 3aa2f97fb1bf3a7ad735fb8b4a466053
- SHA1: 645598f9f42eb5ed9354ff5edcf0ceb44d050800
- SHA256: 67c81ddaff793ebb616e7b31476cbd873d8c707ab1211e1e0d290ee90908d68b
- SHA512: 7dfbdc4ffe43dda82f5d43249971616567a10bcf4b28d60a8a8c316a77545f75fb67462d41d4335555532021ebc10945a3b36347e9bf87a1d9771e2e21e1bd55
- SSDEEP: 24576:CZ1pCmQXDQHjao2Ek2+Ph9zlX9fADMFR93hOLBgZ0GvzED0eKElGE63J+h0f0IE0:apC3/LPh9zlXaDQZzzEQEU+r/DI5as
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2