General

Target: crazydown.exe
Size: 67.5MB
Sample: 230702-j89x8scb6z
MD5: 31e8dd7f62b0d6210b603e64c438c120
SHA1: e953cba0da973e377aa364b9dd08e03c530c2cc3
SHA256: dca13fc006a3b55756ae0534bd0d37a1b53a219b5d7de236f20b0262f3662659
SHA512: a71942c1b118eea7cd545bb44a08d047dcd6d09fa7a8e637b1a6bd9171bc689eb374d1937eb124f9ffc449fc65c66db39a42c3564946dca63e6b215f020f1c74
SSDEEP: 1572864:8KTTF204vwsTTPn8chTPO8vJ4n1vy0XTDrz3mN1LrtXubAptsDilNoR07:TXF204v9n8chHuv7TD/2Tr4bgtsMNoS7

Static task: static1

Behavioral task: behavioral1
Sample: crazydown.exe
Resource: win7-20230621-en

Behavioral task: behavioral2
Sample: crazydown.exe
Resource: win10-20230621-en

Malware Config
Targets
Target: crazydown.exe

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops startup file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

An obfuscated cmd.exe command-line is typically used to evade detection.