General
Target: SimplicLoader.rar
Size: 4.7MB
Sample: 230411-zab7bafc23
MD5: 440ebe09051a8cc5c21dc4408915c9d9
SHA1: 51a66ad8f193a309bb7b61d3123711042ae7fecc
SHA256: 3797d33045461d3f38719dc5a2c226a8163dc06ac0b75c2a93c54ab91f0efb5b
SHA512: f19b3bd7e26ee6d3afea4c4d6a17baa4e2ebfd529b77558082f26276aa5eabb9c8249d802a36ec784c88fa96076805702a213caf3f7892f5000e15e37727dad5
SSDEEP: 98304:jLju9vlFDC3LRQMqkQRJ6LA/S8oRQT3HZI0rh9bAmek5bolAincbeSHCC:j+9dFDC3dxU/S8o235BEmHoNnQepC

Behavioral tasks
behavioral1 | Sample: ChangeLog.html | Resource: win10-20230220-en
behavioral2 | Sample: CraxsRat.exe.xml | Resource: win10-20230220-en
behavioral3 | Sample: CraxsRat.xml | Resource: win10-20230220-en
behavioral4 | Sample: License.xml | Resource: win10-20230220-en
behavioral5 | Sample: LiveCharts.Wpf.xml | Resource: win10-20230220-en
behavioral6 | Sample: SimplicLoader.exe | Resource: win10-20230220-en
behavioral7 | Sample: System.IO.Compression.ZipFile.dll | Resource: win10-20230220-en
behavioral8 | Sample: Vip.Notification.dll | Resource: win10-20230220-en
behavioral9 | Sample: WinMM.Net.dll | Resource: win10-20230220-en

Malware Config
Extracted: https://rentry.org/yui9p/raw

Targets

Target: ChangeLog.html
Size: 1KB
MD5: e13a142fd65ba98dcd14acab49b75f5c
SHA1: 5259cc36a8473edab4b5328dd45ba2c0579185cc
SHA256: adedda589be1f4181787e5f3453ca48f74f950ba7628099ba217d89fd9eb7f73
SHA512: 10dfc63549eb15d2bd787f83e5da43a9a2eb34fd9fbc22d10b1015eb0869c3e323db1d49c7338a567105fea9139a04294a51a9f44e2562b703c5c10e07685004
Score: 1/10

Target: CraxsRat.exe.config
Size: 7KB
MD5: dd5a0508827ec5ef25064c18fbd73c79
SHA1: 32f9a8803107d28418437312fd0e52e564f0f753
SHA256: fdd077b07e6edd22678b2a29beee104daffdf56d545bbae1f39c632208a61d74
SHA512: 6fa7e2407b412e471c42162d460625e17a7dc7b76b0a236db1746645f75cf38806026f1084b254da204ce149e960da1a7897e472c58fe71151435fb94ae012e6
SSDEEP: 96:ur71tp7K0rjtHyZ90nDP9SbujEBKgFAnuAnznVuupxZAEcHn4abLQAntYIWVv/xb:ur7rp7vrjaHyv
Score: 1/10

Target: CraxsRat.xml
Size: 16KB
MD5: 4ff73212d7d2187a4f22750eed7c87b9
SHA1: 5a89a5e44616189fab928138567d6fb0f2797e75
SHA256: 3158967b27592b793dc731382decb92da050097eb8528d654e7e9737cdf04c4b
SHA512: d6f011b5eb0b2629fc90173a23e5f36d65c865e0ebccc98609348bdf5233e1e84ad873b0a6b95c0c41e3d8905f4118b431db31716fc82564a377eb157d293ca4
SSDEEP: 384:3xIfunXQgZ0DaUmhgbkxWPV4OzT8qKSODeSjD7BTPM0:IunXt0D+nDl
Score: 1/10

Target: License.xml
Size: 1KB
MD5: 044c6afca15cc7529e9295bb2f37fd90
SHA1: e7a91e525c6f68737b20b523a3a567ed4a2bc063
SHA256: 407fa330063e56cccb96e7b26540ff7eb6ad39fa659f2cb06a6433d453550dff
SHA512: 817319739e60e8885589e7e6eaadce341100293c4699adb3ba2d53ccb6a308cba9fb84c175f4e226b452a76a7c30a7eca00e5b989fe236737e7dadd8fea959d4
Score: 1/10

Target: LiveCharts.Wpf.xml
Size: 171KB
MD5: 9cbc27f6b1afbc7f43a9ed07f784a73d
SHA1: c15b3540ef31f3b229c3ffd6f5602aa7c04b3928
SHA256: c18a11b019a56ec8e5916042a9f23a8655ea199bf2a4319573b18b7e035e3914
SHA512: c39b9c022d8ffc6d651e6bc4aa60ab435318b69571e97c71b7ebb0c5b25d0b50cdb235ba4302c689be132e32fc0d13b686db5b4fa794f8db8342162a55dece58
SSDEEP: 1536:6/Jl3Mw7VTlv6aoz/Jj3WCQOtnPsJyjJ7t6U:oMwLv6aoFWCQOtnV
Score: 1/10

Target: SimplicLoader.exe
Size: 75KB
MD5: 72fb96fbbee9fa0c1c25030152f8a802
SHA1: 22d1be899c8a2aca51420a9ae3f89c5528d7e347
SHA256: 1f08b5e59bf1ec24b9be2c2211dccf22a6651202d29a9be6d8d2f99b127a9274
SHA512: bbcee824c437c0069d174d2b34ed42cecef72c22fee9418144af64083d8833af9572b3670bacfcfc1eb5cfa3da269aa289ee10d9d2eeb2442763e1dda1e3248d
SSDEEP: 768:ol9EoLDR6GjcJUsg6O/scbnY+kVgbu7FpMtqwH7pRMAfPdqoxgGgKrVuua:S9RuU/da7HM1Zgero
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2

Target: System.IO.Compression.ZipFile.dll
Size: 24KB
MD5: dcda916372128f13ada8b07026c1b3e7
SHA1: 99d6c187de8510206a93d2eed9c65e65e0c86e72
SHA256: b5c12e9099643e2eda9b49edd0d98bdaed153c72a7e8e6235d8e78714402d16a
SHA512: d66de5d61cf7090ce2e11ca8064723a44c2fdbd7ed937f1cf4198ebe13083037941b816ad9022d332bbb853666785600fa8b1faca94c498d2f82de73fe1e42f9
SSDEEP: 384:dK8Y54xRiW3mWeW+mWE3rq0GftpBj52ERHRN7dldBopPI:dKfemqiuEBHoa
Score: 1/10

Target: Vip.Notification.dll
Size: 17KB
MD5: a292d382f369373d6a925fe5907c69c9
SHA1: 7336065527d93566f79121c478545ae86ba8bb2e
SHA256: ec7dc8e7890b3881e0a6f8616c7363d4fb43b9c5af2c090b08bbe0275031a6d7
SHA512: 9f45240686f506b11dbce466dd8b843683e09ff3896bc6563a6580d531898f60523614295c62556a5e058af5af18c3e98e80b3f0642f49f07dd2dc44a181dfdc
SSDEEP: 384:EDkSAZXF8SniyHUX4ICx3Fs9SqVW4z5QdfVASCFCDOtfgTuokwuwAqu05yokwOwG:ED8fR4tQsNFLfgvuPIOjk7ch
Score: 1/10

Target: WinMM.Net.dll
Size: 43KB
MD5: d4b80052c7b4093e10ce1f40ce74f707
SHA1: 2494a38f1c0d3a0aa9b31cf0650337cacc655697
SHA256: 59e2ac1b79840274bdfcef412a10058654e42f4285d732d1487e65e60ffbfb46
SHA512: 3813b81f741ae3adb07ae370e817597ed2803680841ccc7549babb727910c7bff4f8450670d0ca19a0d09e06f133a1aaefecf5b5620e1b0bdb6bcd409982c450
SSDEEP: 768:LyasDzF2TDSemqD9tGI+ffwj2Au0LVpqmf7KxcOOrYCPTxqPb85:LyaXKemqD9tGI+ffwj2Au0LVpq4KWrlv
Score: 1/10