General
Target: Craxs Rat v7.6.zip
Size: 238.6MB
Sample: 250111-nf71ds1jbm
MD5: 4fc965f4281cd69e8935b5cf3fb3457b
SHA1: 684e4444e85e286e7e829a0e464deda0545aba7b
SHA256: b7550146cc837d922681806aeae393e826e437cb423a09b3f74e0c157ee627a6
SHA512: 2677161cff174eddf426ef203e88cff8682fa4e5e7c4282b73224ff4859faef093aa33e1f81071b7f0d127d31f20e405a61e1495dadf18d7feb364aa0e028780
SSDEEP: 6291456:B6fze2X0LDNd+12U0LMCMGGXykkRm0yP8SkiFrpNA:qey0td+R0LTGVd78kXA

Behavioral task
behavioral1
Sample: Craxs Rat v7.6.zip
Resource: win10v2004-20241007-en

Malware Config

Targets
Target: Craxs Rat v7.6.zip

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Uses browser remote debugging
  Can be used to control the browser and steal sensitive information such as credentials and session cookies.

Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.

Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.

Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.

Enumerates processes with tasklist

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Persistence
  Event Triggered Execution: 1
  Netsh Helper DLL: 1
  Modify Authentication Process: 1

Credential Access
  Credentials from Password Stores: 1
  Credentials from Web Browsers: 1
  Modify Authentication Process: 1
  Steal Web Session Cookie: 1
  Unsecured Credentials: 2
  Credentials In Files: 2

Discovery
  Browser Information Discovery: 1
  Process Discovery: 1
  Query Registry: 5
  System Information Discovery: 7
  System Location Discovery: 1
  System Language Discovery: 1
  System Network Configuration Discovery: 1
  Wi-Fi Discovery: 1
  Virtualization/Sandbox Evasion: 1