General

  • Target

    Craxs_Rat _V7.2_cracked.rar

  • Size

    244.6MB

  • Sample

    240314-x2wc6acg3y

  • MD5

    9aad4d3ad6c6f22ce80b4aa6d62c18cc

  • SHA1

    a2b2a2b6b55fc95d7f2780c55a1c099f91465f7d

  • SHA256

    49148555491250e429f06c66cf9a29034bf3d6580f6d9c5f6bd0755723e42183

  • SHA512

    5831292bf62989894b82366bfc0e3a4e1b079f8d8a5a0744323d10084fd4f982ecd5181b9e2665334a69dee3770c0ebc5845e79fb9f37fcf94d47634d700e6a5

  • SSDEEP

    6291456:7MG832CAT+fKnM5/It3lNcUcfWfAi/UcfWOUcfWZ:758hAT+CnM5cBM5V

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot6945743124:AAG8ieJ1VlUNWPUmGHnXTsQtOipwOr2dmlQ/sendMessage?chat_id=6067717150

Mutex

AsyncMutex_6SI8OkPnk

Attributes

  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Craxs_Rat _V7.2_cracked/CraxsRat v7.exe

    • Size

      63.5MB

    • MD5

      eed2bcfdd5ad9349469fcd531666530d

    • SHA1

      8801551e9ab5b0f5d8a5dbb1cec483fc393b5dca

    • SHA256

      7ad17c639132f863bcc07d79a571de0dbe3a07825034c3f81546c058dca50da1

    • SHA512

      70f80c53337534f13cb3566b5ff2c290356ce4661bb9d545ff712373d463821575a11b35e40640ce7f5a7d95039a6c8e48b9bc22b2dd8a3f2092ff559292b799

    • SSDEEP

      786432:j/+NX10EPRxXT0xHoA5AKF7zR/t6tKF+iSFgAxTKo2l:j+NX10qTQTAMzttZmFXtIl

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      Craxs_Rat _V7.2_cracked/LiveCharts.dll

    • Size

      148KB

    • MD5

      9642899636959b7fc89bf34a8b998a90

    • SHA1

      479a0254d1c9e5565c7d861bb77f54b7eae50c96

    • SHA256

      9fcf89837b60f69c1c501e4cfa4d2860887afd0b8f325803367e795a4e3bc9ca

    • SHA512

      435dccb57ff3e9d0663770768c866838b19fbaa5b8e79de0ca111d9c73276f016e016d1d268f72cf3435ecac122039764fada952e1a4f68f368b492bb866c9a2

    • SSDEEP

      3072:saegvMNVoz3Vlw6/R3z3MV1IdJJGVKWHC2KdxFFT9lzo:VFJlwYMVWY65z

    Score
    1/10
    • Target

      Craxs_Rat _V7.2_cracked/NAudio.dll

    • Size

      498KB

    • MD5

      6ca17abccae3050f391401b2955f9333

    • SHA1

      0975b039a793accb58130d6639262cd291d80d5d

    • SHA256

      3ad5d09b4c8c3146d15955a564a9f1a57d7c795b189a25c6f722a738d95ef89c

    • SHA512

      c08f366aae9baf0e7762f47a2f79d0dee5187a1d7631e5838590b7c12911bdeb6247e0ff860ade36e04f1d6717f919ad98df6d3a1a556bff4b8994db9616ccec

    • SSDEEP

      12288:MnXnae2TPlr3zvzar5oRDaw92wP6mai9gs6C:K8lrT+r5ADakP4i9gs

    Score
    1/10
    • Target

      Craxs_Rat _V7.2_cracked/Newtonsoft.Json.dll

    • Size

      695KB

    • MD5

      195ffb7167db3219b217c4fd439eedd6

    • SHA1

      1e76e6099570ede620b76ed47cf8d03a936d49f8

    • SHA256

      e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

    • SHA512

      56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

    • SSDEEP

      12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/

    Score
    1/10
    • Target

      Craxs_Rat _V7.2_cracked/System.IO.Compression.ZipFile.dll

    • Size

      24KB

    • MD5

      dcda916372128f13ada8b07026c1b3e7

    • SHA1

      99d6c187de8510206a93d2eed9c65e65e0c86e72

    • SHA256

      b5c12e9099643e2eda9b49edd0d98bdaed153c72a7e8e6235d8e78714402d16a

    • SHA512

      d66de5d61cf7090ce2e11ca8064723a44c2fdbd7ed937f1cf4198ebe13083037941b816ad9022d332bbb853666785600fa8b1faca94c498d2f82de73fe1e42f9

    • SSDEEP

      384:dK8Y54xRiW3mWeW+mWE3rq0GftpBj52ERHRN7dldBopPI:dKfemqiuEBHoa

    Score
    1/10
    • Target

      Craxs_Rat _V7.2_cracked/WinMM.Net.dll

    • Size

      43KB

    • MD5

      d4b80052c7b4093e10ce1f40ce74f707

    • SHA1

      2494a38f1c0d3a0aa9b31cf0650337cacc655697

    • SHA256

      59e2ac1b79840274bdfcef412a10058654e42f4285d732d1487e65e60ffbfb46

    • SHA512

      3813b81f741ae3adb07ae370e817597ed2803680841ccc7549babb727910c7bff4f8450670d0ca19a0d09e06f133a1aaefecf5b5620e1b0bdb6bcd409982c450

    • SSDEEP

      768:LyasDzF2TDSemqD9tGI+ffwj2Au0LVpqmf7KxcOOrYCPTxqPb85:LyaXKemqD9tGI+ffwj2Au0LVpq4KWrlv

    Score
    1/10
    • Target

      Craxs_Rat _V7.2_cracked/craxs.dll

    • Size

      16.2MB

    • MD5

      6976141e6a62ec976d7f94a068d7f2fa

    • SHA1

      d40990b875657d4b010005707432a8f36ab09a7b

    • SHA256

      b761133d4b9139dcb75eb0e7297676ceff9ca94ba7721b9615e557067ee301cd

    • SHA512

      288efc33649c35a2ef210f8168eadcce1bd2b3b7610cd4bc34b023f397e0c29324de81a1d990a6258a7db7f3c5ab3fbb17d729fcc518c6aa9231661eaa2f553f

    • SSDEEP

      393216:3Um8MPZGP+nnnX7QWtyYBlW8mZ/A2qG3Tr6bbOdEwHLuIS:3UmxIGnX7QWto8e/4MiXOdE+Lm

    Score
    1/10
    • Target

      Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/ct.sym

    • Size

      9.7MB

    • MD5

      a1960fde6a4072a18c90d95684f8c1c6

    • SHA1

      bd77ecf202e76e95583e6607a387a152abb7d0b8

    • SHA256

      c413e0990f375fbbab04d97d0ad33ac729b4ce747d659621f7f3cdebe0068ecf

    • SHA512

      9020b646e11635b5f88bf4c07529e5191391ef062f6741940e9476584d2d9af6c4da7d5ad92223658f60c4a3804dec01146b7eb6aa6c2f22d3ca7d4624b40e95

    • SSDEEP

      196608:NCWH667Q77g2YMPn47Md1SzGAOBUcTe6im1hi:ksT7hMdsGfi

    Score
    1/10
    • Target

      Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/d.zip

    • Size

      42.5MB

    • MD5

      b5994e198698faaea1ae3afc3bec47c7

    • SHA1

      9176a9a105edd2b8ee00e8ba6a1b988fdc21b08e

    • SHA256

      5235482cdb1e3916afc2a2781d1e684b3bb6c8b4e5e0ff213c5b25e7c8aa0348

    • SHA512

      36ad9e98e24839557ccd140f95682d75559c3217acf22dcb57fa7ddad70ac6897b9f4cc42ca2e8a5beb23b483290a7eb5938c2521168a0b2d1529dd29ffa8e33

    • SSDEEP

      786432:baTZcvQNlMHJsIiBwb6BLxTHn17dg76RLzglyDj8oB6OfUIFHockmsHFche:baTZEaKGIiBKcLxTHn1s6hzgIDzFHop

    Score
    1/10
    • Target

      Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/fdfd.zip

    • Size

      42.5MB

    • MD5

      b5994e198698faaea1ae3afc3bec47c7

    • SHA1

      9176a9a105edd2b8ee00e8ba6a1b988fdc21b08e

    • SHA256

      5235482cdb1e3916afc2a2781d1e684b3bb6c8b4e5e0ff213c5b25e7c8aa0348

    • SHA512

      36ad9e98e24839557ccd140f95682d75559c3217acf22dcb57fa7ddad70ac6897b9f4cc42ca2e8a5beb23b483290a7eb5938c2521168a0b2d1529dd29ffa8e33

    • SSDEEP

      786432:baTZcvQNlMHJsIiBwb6BLxTHn17dg76RLzglyDj8oB6OfUIFHockmsHFche:baTZEaKGIiBKcLxTHn1s6hzgIDzFHop

    Score
    1/10
    • Target

      Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/jexec

    • Size

      12KB

    • MD5

      5f9113adadb4ad3577513b1b5dfb77cd

    • SHA1

      a862ed468aac804323d400f23f317ccd63e7b2aa

    • SHA256

      5903d14c9e76573f5d9d4117a51d189d2ff73ebd6466c777a741b9af4b489fca

    • SHA512

      e545a07fe692e77683d67e29b5ad399caa24e345abb0a5154d308b79e145b5d3e83ca6db596347309d25224c784999ce97961bb5940af36106a07d9d16098087

    • SSDEEP

      96:RnT8iSBWBdWRJuRSWc06a3468/mRvl+e18KGjjojfhwco7/AETsBWB5z6UZN4+px:RnwJ85SjED8/Q45uwcok78P6YZ

    Score
    1/10
    • Target

      Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/jrt-fs.jar

    • Size

      108KB

    • MD5

      156584757626b296f4301d5086ca4d05

    • SHA1

      cd01f0f92444c3f923099a198ca45e1bf72c1c54

    • SHA256

      c535864c794e0acd4ac7d1739f533518d32c7b54483ee2b742982c676fd7bf9f

    • SHA512

      35187ac99e9658f16cc7907c4428b1cced596e72966e87964ff119a35e25858bf4d2227bc6077e17117165bd99aaad44451ec050ae00faef0c1d6dee67576ebb

    • SSDEEP

      3072:yiAm4DZFYOPxpUncTvb+H6+kz+KXkeJ2hCNTeRr:yJzDbLpUm5vrXkI2cNSRr

    Score
    7/10
    • Target

      Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/libzip.so

    • Size

      40KB

    • MD5

      91a057f01202a4f9ebb521be4c7449e5

    • SHA1

      e0e3a46a3c60364c7e3c09ef9591fe015af37a3f

    • SHA256

      513a7f8ad35b21a25c2f018d915d0b0f7a998207de3055ca8b7880e2cdda9581

    • SHA512

      a7d88e532fd076fca00927a97c05556c8fa969b0e670d607e83700f76eb6d46ea18556059b3bfc63fdbd900f7258345718c7dc788d4e03c1a4cb9756584c8a3d

    • SSDEEP

      384:10AZTx3HOrUGDNkIrlzoYHqqMuRAgztvEYmCEfwhd6/QzOV1RHbOErOhwCWxTxB:10dIGZcJiAqBbhdVqTZve

    Score
    1/10
    • Target

      Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/src.zip

    • Size

      42.5MB

    • MD5

      b5994e198698faaea1ae3afc3bec47c7

    • SHA1

      9176a9a105edd2b8ee00e8ba6a1b988fdc21b08e

    • SHA256

      5235482cdb1e3916afc2a2781d1e684b3bb6c8b4e5e0ff213c5b25e7c8aa0348

    • SHA512

      36ad9e98e24839557ccd140f95682d75559c3217acf22dcb57fa7ddad70ac6897b9f4cc42ca2e8a5beb23b483290a7eb5938c2521168a0b2d1529dd29ffa8e33

    • SSDEEP

      786432:baTZcvQNlMHJsIiBwb6BLxTHn17dg76RLzglyDj8oB6OfUIFHockmsHFche:baTZEaKGIiBKcLxTHn1s6hzgIDzFHop

    Score
    1/10
    • Target

      Craxs_Rat _V7.2_cracked/res/Icons/resoicons.zip

    • Size

      17KB

    • MD5

      711038a34d74b7761b682a98c33dbb79

    • SHA1

      c01bfb825492f6c01d722cc33856c078bbe88eaf

    • SHA256

      566ae1a15a0bd266f76b427e6f4c284cd7ed81780eb1e86c9043072bd6e489b1

    • SHA512

      8af97e33df8b9fc400f3d9a50917affc699fe59fc49b46e268e7376d539fb2454f4069927a945eacbd9e9a5fee148ec51d5337895c5b5426764d10882df3b705

    • SSDEEP

      384:lUu+sW/C3Ymu7Om1oSDN7iXF/bH9K3uusDt9CzWmVzIRNfK4WEF8evfy5+9ODU:t+sW63E7H+S5a/bgDBymzIbfK4WEF8Kx

    Score
    1/10
    • Target

      Craxs_Rat _V7.2_cracked/res/Lib/7z.dll

    • Size

      1.2MB

    • MD5

      34738b1b326c7f65d365a5b33e045662

    • SHA1

      54f86f6d3b5d96584d6d2a76023f3522e09706fe

    • SHA256

      4d61796b499a4177b03e8e36778ec57293bebbf26412c69e19d3248602a2bb8a

    • SHA512

      134faa16f9913d4cfdfb8efdc9cdda6ff6907016e0f46e3f72792cbc183a688fab0484f251efa562639a75582e380b099481d79d6324e5aded0a8041492414ce

    • SSDEEP

      24576:XXm+ENgUCp+R3RuC2HhS6yR1xF2rH8W7f3z9L/SDidq2:HX7cRuC2Q6S36DJuKq

    Score
    3/10
    • Target

      Craxs_Rat _V7.2_cracked/res/Lib/7z.exe

    • Size

      1.0MB

    • MD5

      c90af375bc40d0506c16b4ed75efccb6

    • SHA1

      cd29f79b128ba67bc30e44e7a0365c5ffd3be376

    • SHA256

      c6e3aa8b8b76b9e3b9df71b3f31d1b7a23f2a031099aceb68c39f38945b65dc0

    • SHA512

      f0f9e9f6d92ebf20a5303be38e41f66fd052141f04db14ad1d30c974a4e4e70abd51340fe92658563bdb6a7587d9117883241de5bdd123a6e259123869dbabaa

    • SSDEEP

      24576:xnsJ39LyjbJkQFMhmC+6GD9P377SqLk2JC5RzHl:xnsHyjtk2MYC5GDR77k2OHl

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

agilenetratdefaultasyncratstormkitty
Score
10/10

behavioral1

persistence
Score
7/10

behavioral2

persistence
Score
7/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

discovery
Score
7/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

persistence
Score
7/10

behavioral32

persistence
Score
7/10