General
-
Target
CraxsRat v 4.9.rar
-
Size
231.0MB
-
Sample
230509-w77spsfc6z
-
MD5
9f92215aa6a72e947129d350991bc383
-
SHA1
8f62586987f5808f6d3973d1bed58a74db0b96df
-
SHA256
f45c1e3804cb3db0debb4a9f77a86ca6fb8b8ae55b732d45ee7ac8e617568094
-
SHA512
70b3b18cd1796535d77f707ae32617ef22ba8712f6b79abfebf05a334f91da8df709f1f60cb36e4c7bd09b940a7b5b62676f991c423d9db12d6cb45edadbb7d4
-
SSDEEP
6291456:0VUyqQqdQSIKY9RW9NdniZ6IuS0toCv4BKaNB:0VUy4q6/sZc/44aj
Behavioral task
behavioral1
Sample
CraxsRat v4/Crack.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral2
Sample
CraxsRat v4/CraxsRat v4.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
CraxsRat v4/V4.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
asyncrat
1.0.7
Default
description-lease.at.ply.gg:25727
DcRatMutex_qwqdanchun
-
delay
1
-
install
true
-
install_file
Updates.exe
-
install_folder
%AppData%
Targets
-
Target
CraxsRat v4/Crack.exe
-
Size
47KB
-
MD5
71499b2947646d03cf1f0addf810083e
-
SHA1
3d4d1e108ab43e0a6416bad34e3915e6e6a79873
-
SHA256
5a8e9e4691806bc732d2ac2dc4e1e1679f49ccf7c228d828dc329ffd85084512
-
SHA512
6fd9e8720a1be33b614cf2bdabdc813f5981f996187b6fb00be744d62a9d905d90bcab31e7f936f0d66eb60a9dea0d8c46e5a6d1475581b88e9606ffe2864b8f
-
SSDEEP
768:DeICljTILmCKi+DiBtelDSN+iV08Ybyge6D9KyvEgK/J3ZVc6KN:DeIYdmBtKDs4zb1P8ynkJ3ZVclN
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Target
CraxsRat v4/CraxsRat v4.exe
-
Size
40.4MB
-
MD5
0a8bf2ffe2185df17bb19c6ed4b42ad0
-
SHA1
009de1363fe7ada66f3afcddfaf9dd0bcf613851
-
SHA256
7ebfbe851e5c1292af8b93e9c063b0b5d2a6a8c3f76ce3d632481f5ac721d46b
-
SHA512
5163a938be96e70141ac5a14c945cd176b6bb6b4151120f782712dd99e5a5dcd05f45f4532c8b779399ba880dd9025ee975bf47c6173fe0abab30e654fca3565
-
SSDEEP
786432:W77gdhsrmTjcrOdr5x7L7U+Txg9/M5UAMcjDoUUxINgxYNYiFniTT:I78sqTArSt7DW5rcjkjYNXiTT
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Target
CraxsRat v4/V4.exe
-
Size
40.9MB
-
MD5
2c3de095ad1ad12d56c4656642c4e541
-
SHA1
f8925dc9c68895958961a5c01e989f622f644f0c
-
SHA256
85e1519a11df4b2c6d36d64536fb1070cd6cdd01da502056aab2a01b468016c3
-
SHA512
5be44b6e3c99847f8507e1ba32f2fa157b6da8cf09f7baf12030bd57f29c5872e2d5934cc64836b2de98242422f4d91b9224071b041f48b539e6f23e6d3ebcac
-
SSDEEP
786432:Thyqe9n+N5GsjzKGCGWdo3LuqIXwfWeY6VQoJOjzTheSsXaKAoija5w9Fm:NtOn+uLGCG6qOgfzbUjzTDyadoea5g
-
Score
1/10