blankgrabber | aaeebeabc0b7692d3ed3dfb5e6efb8966c87d89c5b32617eba72829d9174c26a

Sharing

Copy URL

Twitter E-mail

General

Target

CraxsRatV6.7.rar
Size

63.5MB
Sample

240603-jaaeqahb94
MD5

4b69081a9cda05d04cb136bbe3a7b6eb
SHA1

fbc6f19e1285f1e664809d890574cb7d47e59bb8
SHA256

aaeebeabc0b7692d3ed3dfb5e6efb8966c87d89c5b32617eba72829d9174c26a
SHA512

37489e9838115080707b9732314970174ceb17757d99ba5744a25d499718ecdf79055098cdb80506d141d889456959840e7a452f84a4b4a92bbe3e148c179e35
SSDEEP

1572864:CrxlXlguB4NhAg1J6+8/Fu/nhYT5HWbUGQJT26i4:CrxXR4hJ6+pfmTkYZT254

Score

10^/10

Malware Config

Targets

- Target
  
  CraxsRat VIP/CraxsRat VIP/ChangeLog.html
- Size
  
  38KB
- MD5
  
  68be5f2305d89845ae9c4e81e5b493ef
- SHA1
  
  e6467906b143472331b6184ddf6471e3cb698502
- SHA256
  
  6b7feccc3c61f99c5db7890187c9564be846253a09fee88b599b7d7ec14f9713
- SHA512
  
  e9e38898d379f45b333ee505a93234b772c642edcf2acb3363e920a9bccddb6017407d0f40ddde3671656c058cf2a29436f8bacb1c6e4198746f87f65ef393f0
- SSDEEP
  
  768:aXBgQ5S40stgDDTos12kMhmAmCA2Q/CgjL8gYPCIOO8vP3zMryFF:aeQw40g0Tbe0Ama+Cg/2D7GMm
Score

1^/10
behavioral1 behavioral2
- Target
  
  CraxsRat VIP/CraxsRat VIP/CraxsRat.exe
- Size
  
  87.0MB
- MD5
  
  d87d21db061026bd81a29b09a7674769
- SHA1
  
  4a398ac89d70dcf511fd853839355105250ba7d5
- SHA256
  
  6f6c5af7a14cf93d214f579d617abd5253821643e002562921945a8f2775bb06
- SHA512
  
  9b3fef9e28b94bafac58f16a066c6e23eb7d877e95c33d77423d43f8692bab72fec433260a1dd36ee28800550f8ab1258ce727ebb3340257c96de36c35bd93b7
- SSDEEP
  
  196608:H7umWewROjmFwDRxtYSHdK34kdai7bN3m2dFG:yD8K2pM9B3QsY
Score

8^/10

upx execution spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  CraxsRat VIP/CraxsRat VIP/DrakeUI.Framework.dll
- Size
  
  1.6MB
- MD5
  
  0562b4c97f643306df491a938ae636da
- SHA1
  
  0807c37b711374ed4814a9518c9e264517de89a0
- SHA256
  
  70e72477f7fe0018e043ce8fe2228a289459058ee41caecd6f05855898bc5b80
- SHA512
  
  c969cd274b6bf65a34f1d129b6531616a3485a1f153088609ad2369d380fdec37c3e88a423495912715a26e353dd5498f7f9e73c895e9f3f18fc7d1e65d2ecaf
- SSDEEP
  
  24576:nYyUyUxws47SDJ+wfa3ZsacYwzhmT5LOMobxqFFnM9Pv1w+Fus:nYyUyUueD001YwzhmVSMoNqFF
Score

1^/10
behavioral5 behavioral6
- Target
  
  CraxsRat VIP/CraxsRat VIP/EXGuard.dll
- Size
  
  1.2MB
- MD5
  
  4372e9205b3f1f07ee1430ccf73cbcf5
- SHA1
  
  a905a86e9725ef4c092da464e3619efb0d61d3bb
- SHA256
  
  b2520bbfe83ff8ca6091ffe1d0ed9ba93b5dd4e167f45716712e3f7a7c493045
- SHA512
  
  1e2b97bf40fd0a80a52a17bef67d5f14734a099653577922aed01ea89b31fe71162042660ccb0fdd2c1b844088db2c4f51923778d34af99b285a42e2722e223f
- SSDEEP
  
  24576:TDZOvz+AgwymBdh4iRWop351EhHmUQmWg+uM2m5cDlmN3hrNMFQuYQkm4bbAoV8:TDZ4+Fwycj9W5hHmUMgl4yYbeFQuYQTp
Score

1^/10
behavioral7 behavioral8
- Target
  
  CraxsRat VIP/CraxsRat VIP/GeoIPCitys.dll
- Size
  
  191KB
- MD5
  
  c070f2421851420e832e4f5989a775a2
- SHA1
  
  d6af3c48ffbe0fa1e0e54860836d3bbf374b8b46
- SHA256
  
  d54fd6c5903eea49a75d620d4ba232f8effb1863f5f9c974e4ac0a8fb1904131
- SHA512
  
  75c3edeb4c16d8e82eedc5595b9c3fde4cbd4a3e9deae1967ad513474920a48e4e9275fdc76f44032b1be570a4ece1a6393c4680af8989f67bcdec039d06798e
- SSDEEP
  
  3072:87IcHKc0TwY4O6BlLiJxTmd9h1+fJ5uJnjpUoh/ht21hYvpMaoySJHPc8E:8dHV0Tn4pox6d9G4k
Score

1^/10
behavioral10 behavioral9
- Target
  
  CraxsRat VIP/CraxsRat VIP/LiveCharts.MAPS.dll
- Size
  
  53KB
- MD5
  
  dfee15e4c6efa37e6645d8b47c8581e0
- SHA1
  
  876140e0855fcd15bfb590431fb7b280d1db4a21
- SHA256
  
  5b8a9a04f454a2c4da5989fa454a0138d3e5c40712816600f90111b7bf045c40
- SHA512
  
  4d0e7b0a5642b649c04e54d89e707ec00e79a0fa282eac19b6097b819652045c3e157763b5b2922a4c2252b0877059ef90eb60038280dbfbef9502f421d739df
- SSDEEP
  
  768:r4gOx89xKERw2U11HI+bZO603JLw8MOrNNLSW5/5xTcb2y1ehVHp:rPKB22HIwwFNuC5N6n+VHp
Score

1^/10
behavioral11 behavioral12
- Target
  
  CraxsRat VIP/CraxsRat VIP/LiveCharts.WinForms.dll
- Size
  
  19KB
- MD5
  
  76c775d09b24798f6923452e920979b5
- SHA1
  
  3fe2c79512a0d1153fb07f6640b27106c90d333e
- SHA256
  
  a5b61c1726304e6b72e09a0f35ddbf52f89a75a4e28e6ed098c8d1df6081b4ad
- SHA512
  
  eacc093f8ac9401f617df7e07fd68a8a0f1f03aa150283de67ad8c338fcb1520b0f07335547cf533a646ff95f239c92b029f952a706e736bcd9508817c9be0f9
- SSDEEP
  
  384:F5gNA4m0NkdPbJfGZLifwdNqF8vLvTjzHEhZFUPOxFBVGquJpQ76RqMm:F5gNnrNklJfGZLiAw27jrEhZFyYMm
Score

1^/10
behavioral13 behavioral14
- Target
  
  CraxsRat VIP/CraxsRat VIP/LiveCharts.Wpf.dll
- Size
  
  212KB
- MD5
  
  e924f79f0b5f3e79c98477d75831813d
- SHA1
  
  64f71e20e1953b13c771d8a8e63549ad6d64216e
- SHA256
  
  1bdbb1b5c1a50653e5c26161e9b7c03edc518721a6e10ea180a84049d967106b
- SHA512
  
  063e9bdbdaf0accb46cef5fdb98b30a97b8a6ba097a80d43a9799ff73e820d1c56d41ca9f71d94497736e3def7fbd0109db4000ab1d9e46cdc96357bf3e15fd1
- SSDEEP
  
  6144:d/vd0eaDQcUc0GkiTV3bkACA3AloBtefVt+aA2xgKPo1zlW1w:vaErjGkiTV3bkACA3AloBtefVt+aAGBF
Score

1^/10
behavioral15 behavioral16
- Target
  
  CraxsRat VIP/CraxsRat VIP/LiveCharts.dll
- Size
  
  148KB
- MD5
  
  9642899636959b7fc89bf34a8b998a90
- SHA1
  
  479a0254d1c9e5565c7d861bb77f54b7eae50c96
- SHA256
  
  9fcf89837b60f69c1c501e4cfa4d2860887afd0b8f325803367e795a4e3bc9ca
- SHA512
  
  435dccb57ff3e9d0663770768c866838b19fbaa5b8e79de0ca111d9c73276f016e016d1d268f72cf3435ecac122039764fada952e1a4f68f368b492bb866c9a2
- SSDEEP
  
  3072:saegvMNVoz3Vlw6/R3z3MV1IdJJGVKWHC2KdxFFT9lzo:VFJlwYMVWY65z
Score

1^/10
behavioral17 behavioral18
- Target
  
  CraxsRat VIP/CraxsRat VIP/NAudio.dll
- Size
  
  498KB
- MD5
  
  6ca17abccae3050f391401b2955f9333
- SHA1
  
  0975b039a793accb58130d6639262cd291d80d5d
- SHA256
  
  3ad5d09b4c8c3146d15955a564a9f1a57d7c795b189a25c6f722a738d95ef89c
- SHA512
  
  c08f366aae9baf0e7762f47a2f79d0dee5187a1d7631e5838590b7c12911bdeb6247e0ff860ade36e04f1d6717f919ad98df6d3a1a556bff4b8994db9616ccec
- SSDEEP
  
  12288:MnXnae2TPlr3zvzar5oRDaw92wP6mai9gs6C:K8lrT+r5ADakP4i9gs
Score

1^/10
behavioral19 behavioral20
- Target
  
  CraxsRat VIP/CraxsRat VIP/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  195ffb7167db3219b217c4fd439eedd6
- SHA1
  
  1e76e6099570ede620b76ed47cf8d03a936d49f8
- SHA256
  
  e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
- SHA512
  
  56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
- SSDEEP
  
  12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Score

1^/10
behavioral21 behavioral22
- Target
  
  CraxsRat VIP/CraxsRat VIP/res/Lib/7z.dll
- Size
  
  1.2MB
- MD5
  
  34738b1b326c7f65d365a5b33e045662
- SHA1
  
  54f86f6d3b5d96584d6d2a76023f3522e09706fe
- SHA256
  
  4d61796b499a4177b03e8e36778ec57293bebbf26412c69e19d3248602a2bb8a
- SHA512
  
  134faa16f9913d4cfdfb8efdc9cdda6ff6907016e0f46e3f72792cbc183a688fab0484f251efa562639a75582e380b099481d79d6324e5aded0a8041492414ce
- SSDEEP
  
  24576:XXm+ENgUCp+R3RuC2HhS6yR1xF2rH8W7f3z9L/SDidq2:HX7cRuC2Q6S36DJuKq
Score

3^/10
behavioral23 behavioral24
- Target
  
  CraxsRat VIP/CraxsRat VIP/res/Lib/7z.exe
- Size
  
  329KB
- MD5
  
  453821572a13cc6ea0736f9db6424e13
- SHA1
  
  5f994bde8db4b658781756eaaca9416909a3a420
- SHA256
  
  b8c3871a5d6a473a2e9d08684a481aea7467a97d0a433cf55b127323ef61218f
- SHA512
  
  22468064ae306037d2b241e8a985ad5b037b45f6873e364f46d8066018533993e66834288227ae86e94e23511386f0afcf52776060b17dad11dfba4bc333b07a
- SSDEEP
  
  6144:qnzsyDn7PDS+FDflUjvJUkbEOyF1rOpsuCOuOff5kYF/lTRHA:q377SKfgvqkbFyFJC5RzH
Score

1^/10
behavioral25 behavioral26
- Target
  
  CraxsRat VIP/CraxsRat VIP/res/Lib/ApkEditor.jar
- Size
  
  2.9MB
- MD5
  
  2a86a4e2a358bdef45ebdb9b1ad217b6
- SHA1
  
  6f1474287e6e6f4b1264e48eda8b88dfb7b7a47f
- SHA256
  
  6bcda26492a031fc63b0d0f7b6b4590ef5017cdecc134ee9768521b03833fe00
- SHA512
  
  1e4eec08a13e72567bd2e565ddf08a17d098e470280a057c8d4c31cfd501482fe7e381364f456a31cad1b0dae69e85140111e776bbd4b95c0a450d7d7f82baa0
- SSDEEP
  
  49152:R5DHKV0tkwisQD+Dt+C4e/4sLbTJ8Jxi18ZqByspA7P41Mwsw3Ga:Lz00tkw9Qa+BegsLbS3ksP4Nn3h
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral27 behavioral28
- Target
  
  CraxsRat VIP/CraxsRat VIP/res/Lib/aapt.exe
- Size
  
  1.6MB
- MD5
  
  80f136b0642bbc25c7578e0d24d4673b
- SHA1
  
  883596e63700c45ab0d4d880b883f687f65c2457
- SHA256
  
  aa18b5646881ff3b8ca9879045a1b4a44e2d5b24fbe14486fc8236789de8237a
- SHA512
  
  4a95ac6b8d6252b68ccc842e8dd36056d5b0a773a86d4a8234f39cc2195ccec06fc64954655956447dfc27896720c92f8dfa4a39c2bb568c21fcc588723d86fc
- SSDEEP
  
  49152:XPNjtbkZdmFxzKyfMKiTYQ0QQQKXQQQQQQQf0Qw:/NjtQZ8Pf1
Score

1^/10
behavioral29 behavioral30
- Target
  
  CraxsRat VIP/CraxsRat VIP/res/Lib/apksigner.jar
- Size
  
  968KB
- MD5
  
  16c82bdd120d4b5803deafd3550afa5f
- SHA1
  
  c1e0626fe98fdbe2f1d483f99664ec957f44f891
- SHA256
  
  ba13fc4122f3c8ef23eed76e13792b033fd0506de90ec3ff1e5773e383eb6f15
- SHA512
  
  9918a24392d397a64f39489dba1c73b1576ff1e6bc2c302f3fd7bb037b9f42f620ee90c12ebb625e927543e3163fbc47bcf99c93fde6deb0b9376e171f792bea
- SSDEEP
  
  24576:5hCPzWIgo1IhgOBAxoBSTNDGbe48+mrmCJprmhBK5I:5hCbW6jAAks7R6OohBK5I
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Command and Scripting Interpreter: PowerShell

Drops file in Drivers directory

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Modifies file permissions

Modifies file permissions

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32