General
- Target: CraxsRat V6.7.rar
- Size: 224.5MB
- Sample: 240522-tgj8lsge72
- MD5: 16486345e6b20f7ae900fb02b89f3b08
- SHA1: a9125234f9ff3618bde6d59a7a139ab34ecfc9ec
- SHA256: 46cee2ff6c518b75b82f818002e3434c72f12539ad07995c77e383ef52fb33fa
- SHA512: 21f57b4e40a4035bb5d97b08d1523b097ccfa37056af7ca3aa342af50f5b614ff1bdf1faf6a307268dcb006faa1fda0562963ec60066e519449b9280a9675276
- SSDEEP: 6291456:Crxm6Seo6ykkRm0yP8SkmYZoryFWDXFEe:Cr97d78WQWJEe
Behavioral task: behavioral1
- Sample: CraxsRat V6.7.rar
- Resource: win10v2004-20240508-en
Malware Config
Targets
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger