Extracted

• • Target

    Craxs_Rat_V4.rar

  • Size

    196.0MB

  • MD5

    3a9b4a471bd24ab6b31d7a1154be9e8d

  • SHA1

    641239f0ffeababb63b4367a276df3096bd6b083

  • SHA256

    32ab2efc11d1b38e7530c93bab00ee327e6657d30c4105d9eafee2b8e143b829

  • SHA512

    35a21a05c2ac5630d851b0113bb16ab516c356265465c91f1f64d6256e47923c8ecd4566b9326a760b5f8219a407d2ef305983e9e5c9bccd2b6da92b1c3d11fb

  • SSDEEP

    3145728:7IXHuQYfgMVpnN4X7qvus7lHHYa8WsSkyZT25OH5kN4NQ908t24lZT25OZbU3IoH:7i/g/nNy7qvus7lnF8v4ykkRm0yP8SkY

  Score

  10^/10

  asyncratstormkittydefaultadwareevasionpersistenceratspywarestealertrojan

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Async RAT payload

    rat

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Drops desktop.ini file(s)

  • Installs/modifies Browser Helper Object

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  behavioral1behavioral2behavioral3behavioral4