General

  • Target: CraxsRat 7.6 Cracked.zip

  • Size: 246.7MB

  • Sample: 250207-sbns6svphw

  • MD5: 1afde86ca05963c00e52e865da373dbb

  • SHA1: c94fea382c8ebbc2800a7ee2d3b470c49cc196e4

  • SHA256: fcbad10343f578229c62e51d7bbdf5f057ba1a3fea0eb22b34dc46f6f21467f2

  • SHA512: 8d01c93426697f663c81001dc707c6e3d18a1f8655bc9bb34e991322ff34b817a35be3ed05bec74213c14b7c2b63f7424b88937011ae97bdd40da138a30fbdbe

  • SSDEEP: 6291456:yu7pvCykkRm0yP8SkUkh84VvtEEGLoh/v:bwd78LVeoNv

Targets

    • Target: CraxsRat v7.6 Cracked.exe

    • Size: 74.5MB

    • MD5: b995246596896af3fe1d061de5b3e693

    • SHA1: 1a1bedf4926cd5adc4dc2f577118450b160df7d9

    • SHA256: ed2ca5b412fc74573248c7f2c5eb29f48161a11f9629c4ada6c3a53b946f81b9

    • SHA512: dd452a28b80eef2a504ff0b23219c6cb20d6cd5e9fee6b0a073344918c70af69acb53e69f3e1736460f7b53840a344d2684a2496f1dd0418d8524f01e8d401da

    • SSDEEP: 786432:bbpO3t8gmX69IP4OkJ+NX10EPRuHoA5AKF7zR/t6tKF+iSrWgAzUzUf3Ko24f:3w98NS+NX10qwAMzttZmrWXggPI4

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
