Overview

overview

7

Static

static

7

craxs/Agil...me.dll

windows10-2004-x64

1

craxs/ChangeLog.html

windows10-2004-x64

1

craxs/Crax...xe.xml

windows10-2004-x64

1

craxs/Crax....1.exe

windows10-2004-x64

3

craxs/Drak...rk.dll

windows10-2004-x64

1

craxs/GeoIPCitys.dll

windows10-2004-x64

1

craxs/Live...ms.dll

windows10-2004-x64

1

craxs/Live...pf.dll

windows10-2004-x64

1

craxs/LiveCharts.dll

windows10-2004-x64

1

craxs/MetroSet UI.dll

windows10-2004-x64

1

craxs/NAudio.dll

windows10-2004-x64

1

craxs/Syst...le.dll

windows10-2004-x64

1

craxs/Vip....on.dll

windows10-2004-x64

1

craxs/WinMM.Net.dll

windows10-2004-x64

1

craxs/mscorlib.dll

windows10-2004-x64

1

craxs/res/...-1.dex

windows10-2004-x64

3

craxs/res/...n-2.pl

windows10-2004-x64

3

craxs/res/...n-3.pl

windows10-2004-x64

3

craxs/res/...-4.dex

windows10-2004-x64

3

craxs/res/...-5.dex

windows10-2004-x64

3

craxs/res/...n-6.pl

windows10-2004-x64

3

craxs/res/...n-7.pl

windows10-2004-x64

3

craxs/res/...n-8.pl

windows10-2004-x64

3

Analysis

  • max time kernel
    58s
  • max time network
    81s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-03-2023 15:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    craxs/CraxsRat3.7.1.exe

  • Size

    66.7MB

  • MD5

    5c2c62b358dbe25728a5868b66bb87a9

  • SHA1

    4aebe8e52701529be67930024dcf131dbfe0564b

  • SHA256

    50681ebff635c53cf55cb01a229ee0b70e600e31c4d53cc27adb51499a2c4ce5

  • SHA512

    9551c54113ecdd735c7c1ad3de555e266180f25929b2a06004f2aa9960e02d1ed069fcfcb4d5d0c637098bb59d3c886a78c298ccf3b652949643b357e7962111

  • SSDEEP

    786432:Sbj7Ad4+fseiTkO6W4qt+90qaZrNgb9BHGI+fseiTkC+fseiTk:JfwTkiFGaFeBBHGZfwTkzfwTk

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\craxs\CraxsRat3.7.1.exe
    "C:\Users\Admin\AppData\Local\Temp\craxs\CraxsRat3.7.1.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4964
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 3856
      2⤵
      • Program crash
      PID:1476
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4964 -ip 4964
    1⤵
      PID:1668

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\EVLF_-_t.me_evlfdev\CraxsRat3.7.1.exe_Url_qjs1kqh3dwgirt5khsf5c55ie011afn1\2.7.0.0\user.config
      Filesize

      822B

      MD5

      fd19a4448e442d26224f143097b8bed7

      SHA1

      0384c71fc464f7f4f047285ebcb34931ec1683cf

      SHA256

      23a5b0c1b515f3b1ddf5c7014335f887025ddbf325ffa211621475ca581b3b13

      SHA512

      bae7032a95427679edb324142a79c5a6d400d655a50c52097457e6d6383819f28ac9735651db987aa2ddd5117e137b38a7768b7dd8ed74749f43017886e524f0

      Download Submit
    • memory/4964-143-0x000000000A7C0000-0x000000000A7EC000-memory.dmp
      Filesize

      176KB

      Download
    • memory/4964-136-0x0000000009B80000-0x0000000009C12000-memory.dmp
      Filesize

      584KB

      Download
    • memory/4964-144-0x000000000BAD0000-0x000000000BB06000-memory.dmp
      Filesize

      216KB

      Download
    • memory/4964-137-0x0000000009B10000-0x0000000009B1A000-memory.dmp
      Filesize

      40KB

      Download
    • memory/4964-138-0x0000000009C20000-0x0000000009C76000-memory.dmp
      Filesize

      344KB

      Download
    • memory/4964-139-0x0000000009B60000-0x0000000009B6C000-memory.dmp
      Filesize

      48KB

      Download
    • memory/4964-140-0x0000000009E20000-0x0000000009E3C000-memory.dmp
      Filesize

      112KB

      Download
    • memory/4964-141-0x000000000A780000-0x000000000A7BC000-memory.dmp
      Filesize

      240KB

      Download
    • memory/4964-146-0x0000000009CE0000-0x0000000009CF0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4964-133-0x0000000000DF0000-0x00000000050AC000-memory.dmp
      Filesize

      66.7MB

      Download
    • memory/4964-134-0x0000000009A40000-0x0000000009ADC000-memory.dmp
      Filesize

      624KB

      Download
    • memory/4964-135-0x000000000A090000-0x000000000A634000-memory.dmp
      Filesize

      5.6MB

      Download
    • memory/4964-142-0x0000000009CE0000-0x0000000009CF0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4964-147-0x0000000009CE0000-0x0000000009CF0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4964-148-0x0000000009CE0000-0x0000000009CF0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4964-149-0x0000000009CE0000-0x0000000009CF0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4964-150-0x000000000B4F0000-0x000000000B4FA000-memory.dmp
      Filesize

      40KB

      Download
    • memory/4964-151-0x000000000CBD0000-0x000000000CBE2000-memory.dmp
      Filesize

      72KB

      Download
    • memory/4964-152-0x0000000015D50000-0x0000000015D8C000-memory.dmp
      Filesize

      240KB

      Download
    • memory/4964-153-0x0000000009CE0000-0x0000000009CF0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4964-154-0x0000000009CE0000-0x0000000009CF0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4964-145-0x000000000BC50000-0x000000000BDF6000-memory.dmp
      Filesize

      1.6MB

      Download