General

  • Target

    Carding Machine by X-Rob [Craxpro.io - Crax.Tube].exe

  • Size

    6.3MB

  • Sample

    240527-rsj1wagf53

  • MD5

    4fec4817c219909ca9d3ce10a01d97c7

  • SHA1

    0e7272cc88eb9364cb1a41efcb70fa8676222b45

  • SHA256

    8a7e6a7d96ffb6c61fccfa10cdf8fca665e21a9369efe759c9a6f58c0c6c2d0d

  • SHA512

    8872652cdda3936e9eb8a8af6be6453110364f725f4b12e9056c00addf53f2de556ebc6eb591c007139abc4b7106074c76eae5a9d39b06cccf0c8a3b0c0be8eb

  • SSDEEP

    196608:rRborAtFuMYVYQdftZBtQeC298TafVGOo0:r3YMsdht/C29dGO7

Score
8/10

Malware Config

Targets

    • Target

      Carding Machine by X-Rob [Craxpro.io - Crax.Tube].exe

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15