General
Target: CraxsRat V6.7.rar
Size: 224.5MB
Sample: 240522-vwlknaac78
MD5: 16486345e6b20f7ae900fb02b89f3b08
SHA1: a9125234f9ff3618bde6d59a7a139ab34ecfc9ec
SHA256: 46cee2ff6c518b75b82f818002e3434c72f12539ad07995c77e383ef52fb33fa
SHA512: 21f57b4e40a4035bb5d97b08d1523b097ccfa37056af7ca3aa342af50f5b614ff1bdf1faf6a307268dcb006faa1fda0562963ec60066e519449b9280a9675276
SSDEEP: 6291456:Crxm6Seo6ykkRm0yP8SkmYZoryFWDXFEe:Cr97d78WQWJEe
Behavioral task: behavioral1
Sample: CraxsRat VIP/CraxsRat VIP/CraxsRat.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: CraxsRat VIP/CraxsRat VIP/CraxsRat.exe
Size: 87.0MB
MD5: d87d21db061026bd81a29b09a7674769
SHA1: 4a398ac89d70dcf511fd853839355105250ba7d5
SHA256: 6f6c5af7a14cf93d214f579d617abd5253821643e002562921945a8f2775bb06
SHA512: 9b3fef9e28b94bafac58f16a066c6e23eb7d877e95c33d77423d43f8692bab72fec433260a1dd36ee28800550f8ab1258ce727ebb3340257c96de36c35bd93b7
SSDEEP: 196608:H7umWewROjmFwDRxtYSHdK34kdai7bN3m2dFG:yD8K2pM9B3QsY
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.