General

  • Target

    crazydown.exe

  • Size

    67.5MB

  • Sample

    230702-j89x8scb6z

  • MD5

    31e8dd7f62b0d6210b603e64c438c120

  • SHA1

    e953cba0da973e377aa364b9dd08e03c530c2cc3

  • SHA256

    dca13fc006a3b55756ae0534bd0d37a1b53a219b5d7de236f20b0262f3662659

  • SHA512

    a71942c1b118eea7cd545bb44a08d047dcd6d09fa7a8e637b1a6bd9171bc689eb374d1937eb124f9ffc449fc65c66db39a42c3564946dca63e6b215f020f1c74

  • SSDEEP

    1572864:8KTTF204vwsTTPn8chTPO8vJ4n1vy0XTDrz3mN1LrtXubAptsDilNoR07:TXF204v9n8chHuv7TD/2Tr4bgtsMNoS7

Score
7/10

Malware Config

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v6

Tasks