dca13fc006a3b55756ae0534bd0d37a1b53a219b5d7de236f20b0262f3662659 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

crazydown.exe

windows7-x64

7

crazydown.exe

windows10-1703-x64

7

crazydown.exe

windows10-2004-x64

7

Sharing

General

Target

crazydown.exe
Size

67.5MB
Sample

230702-j89x8scb6z
MD5

31e8dd7f62b0d6210b603e64c438c120
SHA1

e953cba0da973e377aa364b9dd08e03c530c2cc3
SHA256

dca13fc006a3b55756ae0534bd0d37a1b53a219b5d7de236f20b0262f3662659
SHA512

a71942c1b118eea7cd545bb44a08d047dcd6d09fa7a8e637b1a6bd9171bc689eb374d1937eb124f9ffc449fc65c66db39a42c3564946dca63e6b215f020f1c74
SSDEEP

1572864:8KTTF204vwsTTPn8chTPO8vJ4n1vy0XTDrz3mN1LrtXubAptsDilNoR07:TXF204v9n8chHuv7TD/2Tr4bgtsMNoS7

Score

7^/10

spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

crazydown.exe

Resource

win7-20230621-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

crazydown.exe

Resource

win10-20230621-en

spyware stealer

windows10-1703-x64

14 signatures

150 seconds

Behavioral task

behavioral3

Sample

crazydown.exe

Resource

win10v2004-20230621-en

spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  crazydown.exe
- Size
  
  67.5MB
- MD5
  
  31e8dd7f62b0d6210b603e64c438c120
- SHA1
  
  e953cba0da973e377aa364b9dd08e03c530c2cc3
- SHA256
  
  dca13fc006a3b55756ae0534bd0d37a1b53a219b5d7de236f20b0262f3662659
- SHA512
  
  a71942c1b118eea7cd545bb44a08d047dcd6d09fa7a8e637b1a6bd9171bc689eb374d1937eb124f9ffc449fc65c66db39a42c3564946dca63e6b215f020f1c74
- SSDEEP
  
  1572864:8KTTF204vwsTTPn8chTPO8vJ4n1vy0XTDrz3mN1LrtXubAptsDilNoR07:TXF204v9n8chHuv7TD/2Tr4bgtsMNoS7
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

© 2018-2025

Terms | Privacy