General
-
Target
CraxsRat 3.9.2.rar
-
Size
335.5MB
-
Sample
240525-p6157sch7s
-
MD5
ea8c95aec54968aa5358790411e37e6d
-
SHA1
05510fea19888a114801a160ba7771229b2afb71
-
SHA256
e37a2e844d1e25a064d475442d514b020e9950c465beee965df45f4e0f445c60
-
SHA512
1f30339aa05641746c102d5810a21c6633eae3966d3802d4d44090edc3f51cc9b9d917ddcd5688a537a8d714d37f37bc5293fcf15f250de93536576edca17436
-
SSDEEP
6291456:/9vuWlbABKecinWAsHQcwSsMykkRm0yP8SkyykkRm0yP8SkO:/9G4sKo0HvwSvd78Cd78W
Behavioral task
behavioral1
Sample
CraxsRat 3.9.2.rar
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
CraxsRat 3.9.2.rar
Resource
win7-20240508-en
Behavioral task
behavioral3
Sample
CraxsRat 3.9.2.rar
Resource
win10v2004-20240426-en
Behavioral task
behavioral4
Sample
CraxsRat 3.9.2.rar
Resource
win11-20240508-en
Malware Config
Extracted
quasar
1.4.1
Hacked by CraxsRat
hack4money.myftp.org:10067
6b9b4d43-c223-49a2-9050-e462f566915f
-
encryption_key
99DFDADE8D77070B46DB1CB1E60163A871819F59
-
install_name
SearchApp.exe
-
log_directory
Logs
-
reconnect_delay
30000
-
startup_key
Windows Product Key Sucessfully Activated
-
subdirectory
System
Targets
-
-
Target
CraxsRat 3.9.2.rar
-
Size
335.5MB
-
MD5
ea8c95aec54968aa5358790411e37e6d
-
SHA1
05510fea19888a114801a160ba7771229b2afb71
-
SHA256
e37a2e844d1e25a064d475442d514b020e9950c465beee965df45f4e0f445c60
-
SHA512
1f30339aa05641746c102d5810a21c6633eae3966d3802d4d44090edc3f51cc9b9d917ddcd5688a537a8d714d37f37bc5293fcf15f250de93536576edca17436
-
SSDEEP
6291456:/9vuWlbABKecinWAsHQcwSsMykkRm0yP8SkyykkRm0yP8SkO:/9G4sKo0HvwSvd78Cd78W
Score10/10-
Quasar payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-