General
-
Target
Craxs_Rat _V7.2_cracked.rar
-
Size
244.6MB
-
Sample
240314-x2wc6acg3y
-
Behavioral task
behavioral1
Sample
Craxs_Rat _V7.2_cracked/CraxsRat v7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Craxs_Rat _V7.2_cracked/CraxsRat v7.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Craxs_Rat _V7.2_cracked/LiveCharts.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Craxs_Rat _V7.2_cracked/LiveCharts.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
Craxs_Rat _V7.2_cracked/NAudio.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Craxs_Rat _V7.2_cracked/NAudio.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
Craxs_Rat _V7.2_cracked/Newtonsoft.Json.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
Craxs_Rat _V7.2_cracked/Newtonsoft.Json.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
Craxs_Rat _V7.2_cracked/System.IO.Compression.ZipFile.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
Craxs_Rat _V7.2_cracked/System.IO.Compression.ZipFile.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
Craxs_Rat _V7.2_cracked/WinMM.Net.dll
Resource
win7-20240215-en
Behavioral task
behavioral12
Sample
Craxs_Rat _V7.2_cracked/WinMM.Net.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
Craxs_Rat _V7.2_cracked/craxs.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
Craxs_Rat _V7.2_cracked/craxs.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/ct.zip
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/ct.zip
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/d.zip
Resource
win7-20240215-en
Behavioral task
behavioral18
Sample
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/d.zip
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/fdfd.zip
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/fdfd.zip
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/jexec
Resource
ubuntu1804-amd64-20240226-en
Behavioral task
behavioral22
Sample
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/jrt-fs.jar
Resource
win7-20240221-en
Behavioral task
behavioral23
Sample
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/jrt-fs.jar
Resource
win10v2004-20240226-en
Behavioral task
behavioral24
Sample
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/libzip.so
Resource
ubuntu2004-amd64-20240221-en
Behavioral task
behavioral25
Sample
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/src.zip
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/src.zip
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
Craxs_Rat _V7.2_cracked/res/Icons/resoicons.zip
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
Craxs_Rat _V7.2_cracked/res/Icons/resoicons.zip
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
Craxs_Rat _V7.2_cracked/res/Lib/7z.dll
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
Craxs_Rat _V7.2_cracked/res/Lib/7z.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
Craxs_Rat _V7.2_cracked/res/Lib/7z.exe
Resource
win7-20240215-en
Behavioral task
behavioral32
Sample
Craxs_Rat _V7.2_cracked/res/Lib/7z.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
https://api.telegram.org/bot6945743124:AAG8ieJ1VlUNWPUmGHnXTsQtOipwOr2dmlQ/sendMessage?chat_id=6067717150
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
Craxs_Rat _V7.2_cracked/CraxsRat v7.exe
-
Size
63.5MB
-
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
Craxs_Rat _V7.2_cracked/LiveCharts.dll
-
Size
148KB
-
Score
1/10
-
-
Target
Craxs_Rat _V7.2_cracked/NAudio.dll
-
Size
498KB
-
Score
1/10
-
-
Target
Craxs_Rat _V7.2_cracked/Newtonsoft.Json.dll
-
Size
695KB
-
Score
1/10
-
-
Target
Craxs_Rat _V7.2_cracked/System.IO.Compression.ZipFile.dll
-
Size
24KB
-
Score
1/10
-
-
Target
Craxs_Rat _V7.2_cracked/WinMM.Net.dll
-
Size
43KB
-
Score
1/10
-
-
Target
Craxs_Rat _V7.2_cracked/craxs.dll
-
Size
16.2MB
-
Score
1/10
-
-
Target
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/ct.sym
-
Size
9.7MB
-
Score
1/10
-
-
Target
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/d.zip
-
Size
42.5MB
-
Score
1/10
-
-
Target
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/fdfd.zip
-
Size
42.5MB
-
Score
1/10
-
-
Target
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/jexec
-
Size
12KB
-
Score
1/10
-
-
Target
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/jrt-fs.jar
-
Size
108KB
-
Score
7/10
-
Modifies file permissions
-
-
-
Target
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/libzip.so
-
Size
40KB
-
Score
1/10
-
-
Target
Craxs_Rat _V7.2_cracked/res/GeoIP/Flags/src.zip
-
Size
42.5MB
-
Score
1/10
-
-
Target
Craxs_Rat _V7.2_cracked/res/Icons/resoicons.zip
-
Size
17KB
-
Score
1/10
-
-
Target
Craxs_Rat _V7.2_cracked/res/Lib/7z.dll
-
Size
1.2MB
-
Score
3/10
-
-
Target
Craxs_Rat _V7.2_cracked/res/Lib/7z.exe
-
Size
1.0MB
-
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-