General

  • Target

    ExtremeInjectorv3exeexeex.exe

  • Size

    1.1MB

  • Sample

    230709-mz865acd38

  • MD5

    952787e3a56affaa50f055dc9a9e8138

  • SHA1

    95a0f7fe9ffc730871ca37357459e0a5a82301fe

  • SHA256

    900ccdd38370b47717625cd48c813226a968fd8a30651ca5bd8112df94e47155

  • SHA512

    f116dfe733dd8565bfe3f1d1529ac269172509f7cd7748d7e4c6cecb96b91a81a1dd3e8a8f9af97aa53d07bc14e0eeb192971c7bf56e7911a9ae167039912ff8

  • SSDEEP

    24576:U2G/nvxW3Ww0tfieCsfxqRyqCOmaqxn57oPqV3o2F:UbA30fiMYRyfi9K

Score
10/10

Targets

    • Target

      ExtremeInjectorv3exeexeex.exe

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
