General

Target: Extreme Injector v3.exe
Size: 2.3MB
Sample: 230312-21kbqahg9x
MD5: 83a24ea1847f5cbb5508785abb5126ea
SHA1: 63930e7171d1fc94fd4ec745392b3a1136cb0496
SHA256: 246b30f2dc863cc247d9ad8bff17e1ec92f2282810f47f42634c0bb7883ba268
SHA512: fb6fbeb92bf4fee54f46e4dd75703cc85ebec3e57594fd7cb14874c096c2783ad896c863ba34c594f368d5c16df6a264e50dbb06d674c565d426dd2ddfe3890e
SSDEEP: 49152:7BHCRl986cGvR4GegwM4rqpKHH9TyaHd1CP:NHgsXhM4qwdOaC
Static task: static1
Behavioral task: behavioral1
Sample: Extreme Injector v3.exe
Resource: win7-20230220-en
Malware Config

Extracted
Family: asyncrat
Version: 1.0.7
Botnet: Default
Mutex: DcRatMutex_qwqdanchun
delay: 10
install: true
install_file: csrss.exe
install_folder: %AppData%
pastebin_config: https://pastebin.com/raw/3Z9zi18j

Reading the config: the sample installs a copy of itself as %AppData%\csrss.exe (a name borrowed from the legitimate Windows process in System32) after a 10 second delay, and guards against double infection with the mutex above, which is the default mutex shipped with DcRat, the AsyncRAT fork by qwqdanchun. No C2 host is stored in the binary; the pastebin_config field tells the RAT to fetch its C2 address at runtime from the pastebin raw URL, so the operator can rotate infrastructure without rebuilding the payload and a lookup of that URL is the first network indicator to expect.
Targets

Target: Extreme Injector v3.exe
Size: 2.3MB
Hashes: identical to the General section above.
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE (consistent with install set to true and install_file csrss.exe in the extracted config)
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2 (the pastebin_config URL in the extracted config)
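The extracted config and the behaviour list above give everything needed for host-side hunting. The following Python is an added example and is not part of the sandbox report or of any tool it names: it turns the config fields into checks (csrss.exe executing anywhere other than System32, a file written to the install path, a lookup of the host that serves the C2 address, a hash match against the sample) and runs them over a handful of constructed Sysmon-style events. The event records and their field names (Image, TargetFilename, QueryName, DestinationHostname) are made up for the example, not taken from the report; mapping %AppData% to <profile>\AppData\Roaming and treating C:\Windows\System32 as the only legitimate home of csrss.exe are assumptions about a default Windows install.

```python
"""Hunting checks derived from the sandbox-extracted AsyncRAT config.

Added example, not part of the sandbox report. All events below are constructed.
"""
import hashlib
import ntpath
from urllib.parse import urlsplit

# Indicators copied from the report's extracted config and hash list.
CONFIG = {
    "mutex": "DcRatMutex_qwqdanchun",
    "install_file": "csrss.exe",
    "install_folder": "%AppData%",
    "pastebin_config": "https://pastebin.com/raw/3Z9zi18j",
    "delay": 10,
}
SAMPLE_SHA256 = "246b30f2dc863cc247d9ad8bff17e1ec92f2282810f47f42634c0bb7883ba268"

# Assumption: the only directory where a genuine csrss.exe lives on a default install.
LEGIT_CSRSS_DIRS = {r"c:\windows\system32"}


def sha256_matches(data: bytes) -> bool:
    """True if the bytes are the sample from the report."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


def config_host(config: dict) -> str:
    """Host the RAT contacts to fetch its C2 address (pastebin.com here)."""
    return urlsplit(config["pastebin_config"]).hostname.lower()


def expected_install_path(profile: str, config: dict = CONFIG) -> str:
    """Where the RAT drops itself for a given user profile.

    Assumption: %AppData% expands to <profile>\\AppData\\Roaming.
    """
    return ntpath.join(profile, "AppData", "Roaming", config["install_file"])


def is_masquerading_csrss(image_path: str) -> bool:
    """csrss.exe running from anywhere but System32 is a masquerade."""
    path = image_path.lower().rstrip("\\")
    return ntpath.basename(path) == "csrss.exe" and ntpath.dirname(path) not in LEGIT_CSRSS_DIRS


def is_install_path(path: str, config: dict) -> bool:
    """Case-insensitive match on the tail of the install path, profile-independent."""
    suffix = "\\appdata\\roaming\\" + config["install_file"].lower()
    return path.lower().endswith(suffix)


def match_event(event: dict, config: dict = CONFIG) -> list:
    """Return the reasons an event matches this config; empty list if none."""
    reasons = []
    kind = event.get("EventType")
    if kind == "ProcessCreate":
        image = event.get("Image", "")
        if is_masquerading_csrss(image):
            reasons.append("csrss.exe executing outside System32")
        if is_install_path(image, config):
            reasons.append("process image is the AsyncRAT install path")
    elif kind == "FileCreate":
        if is_install_path(event.get("TargetFilename", ""), config):
            reasons.append("file written to the AsyncRAT install path")
    elif kind in ("DnsQuery", "NetworkConnect"):
        host = (event.get("QueryName") or event.get("DestinationHostname") or "").lower()
        if host == config_host(config):
            # Weak on its own: plenty of benign traffic goes to pastebin.com.
            reasons.append("lookup of the host serving the C2 address (weak alone)")
    return reasons


def hunt(events: list, config: dict = CONFIG) -> list:
    """Return (index, reasons) for every event that matches."""
    findings = []
    for index, event in enumerate(events):
        reasons = match_event(event, config)
        if reasons:
            findings.append((index, reasons))
    return findings


# Constructed Sysmon-style events; field names are an assumption, not from the report.
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\System32\csrss.exe"},
    {"EventType": "FileCreate", "TargetFilename": r"C:\Users\alice\AppData\Roaming\csrss.exe"},
    {"EventType": "ProcessCreate", "Image": r"C:\Users\alice\AppData\Roaming\csrss.exe",
     "ParentImage": r"C:\Users\alice\Downloads\Extreme Injector v3.exe"},
    {"EventType": "DnsQuery", "QueryName": "pastebin.com"},
    {"EventType": "ProcessCreate", "Image": r"C:\Program Files\Editor\editor.exe"},
]

if __name__ == "__main__":
    for index, reasons in hunt(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["EventType"], "; ".join(reasons))
```

The masquerade check fires on the name alone, so it also catches a rebuilt payload with a different hash; the pastebin check is kept as a weak signal and should only raise severity when it co-occurs with one of the file or process hits.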