General
-
Target
CraxsRat V7.4.rar
-
Size
444.1MB
-
Sample
250307-a7538a1sex
-
MD5
a97ff5dbc705d0acf8b7c28eebcbfeef
-
SHA1
36659fab802880ff508dfd7590d06992f9bf41ca
-
SHA256
5c3bd78ff76f1c17c997a83f44718b22bd59e1b1ad65c8b05059741fcd628178
-
SHA512
9854845f3a9fc7c567a44961000d3d81c6f36b49072a49797451f7c5a785bdbd1566450494f826b29dede5c43dfa7b9a0d7ae169f0fa5f851a349e11f8e6e0fc
-
SSDEEP
6291456:DCqcEdVlkbOVaO3YSvbeFN1RxmaD+0957a4mv6OkRPmCz2VABSlpykkRm0yP8SkF:WqbVJV3YSvKFN1RIK95W8xDyVLd78d
Behavioral task
behavioral1
Sample
CraxsRat V7.4/CraxsRat V7.4/ChangeLog.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
CraxsRat V7.4/CraxsRat V7.4/ChangeLog.html
Resource
win10v2004-20250217-en
Behavioral task
behavioral3
Sample
DrakeUI.Framework.dll
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
DrakeUI.Framework.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral5
Sample
GeoIPCitys.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
GeoIPCitys.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral7
Sample
LiveCharts.MAPS.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
LiveCharts.MAPS.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral9
Sample
LiveCharts.WinForms.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
LiveCharts.WinForms.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral11
Sample
LiveCharts.Wpf.dll
Resource
win7-20241010-en
Behavioral task
behavioral12
Sample
LiveCharts.Wpf.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral13
Sample
CraxsRat V7.4/CraxsRat V7.4/CraxsRat V7.4.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
CraxsRat V7.4/CraxsRat V7.4/CraxsRat V7.4.exe
Resource
win10v2004-20250217-en
Behavioral task
behavioral15
Sample
CraxsRat V7.4/CraxsRat V7.4/DrakeUI.Framework.dll
Resource
win7-20250207-en
Behavioral task
behavioral16
Sample
CraxsRat V7.4/CraxsRat V7.4/DrakeUI.Framework.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral17
Sample
CraxsRat V7.4/CraxsRat V7.4/GeoIPCitys.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
CraxsRat V7.4/CraxsRat V7.4/GeoIPCitys.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral19
Sample
CraxsRat V7.4/CraxsRat V7.4/LiveCharts.MAPS.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
CraxsRat V7.4/CraxsRat V7.4/LiveCharts.MAPS.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral21
Sample
CraxsRat V7.4/CraxsRat V7.4/LiveCharts.WinForms.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
CraxsRat V7.4/CraxsRat V7.4/LiveCharts.WinForms.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral23
Sample
CraxsRat V7.4/CraxsRat V7.4/LiveCharts.Wpf.dll
Resource
win7-20250207-en
Behavioral task
behavioral24
Sample
CraxsRat V7.4/CraxsRat V7.4/LiveCharts.Wpf.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral25
Sample
CraxsRat V7.4/CraxsRat V7.4/LiveCharts.dll
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
CraxsRat V7.4/CraxsRat V7.4/LiveCharts.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral27
Sample
CraxsRat V7.4/CraxsRat V7.4/NAudio.dll
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
CraxsRat V7.4/CraxsRat V7.4/NAudio.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral29
Sample
CraxsRat V7.4/CraxsRat V7.4/Newtonsoft.Json.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
CraxsRat V7.4/CraxsRat V7.4/Newtonsoft.Json.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral31
Sample
CraxsRat V7.4/CraxsRat V7.4/System.IO.Compression.ZipFile.dll
Resource
win7-20241023-en
Behavioral task
behavioral32
Sample
CraxsRat V7.4/CraxsRat V7.4/System.IO.Compression.ZipFile.dll
Resource
win10v2004-20250217-en
Malware Config
Extracted
xred
xred.mooo.com
Targets
Target
CraxsRat V7.4/CraxsRat V7.4/ChangeLog.html
-
Size
36KB
-
MD5
026911c9de25d77308da03cb6a16cd76
-
SHA1
7b614170038e6ee35103e0f2397af9bb2c6e3dd7
-
SHA256
b3fb48d963280de141302f8bde314376742939194092761b00ec98a1acc4d046
-
SHA512
774c44f61400be3bbb97003be84c48345ca7d16d98619390c57c3bbd0fdd97fc454a5f25ea12b5d91791156513bdd1abd2cad38f7b82089dd5e24d4a69082c05
-
SSDEEP
768:aXBgQH9JRGqt/Icp2Vjpoa3cyZ4d9DKH6848hmQzeoaHYuxZktF8RTa:aeQHtNIcpijCa334ddzE5unqF4Ta
Score 3/10
Target
DrakeUI.Framework.dll
-
Size
1.6MB
-
MD5
0562b4c97f643306df491a938ae636da
-
SHA1
0807c37b711374ed4814a9518c9e264517de89a0
-
SHA256
70e72477f7fe0018e043ce8fe2228a289459058ee41caecd6f05855898bc5b80
-
SHA512
c969cd274b6bf65a34f1d129b6531616a3485a1f153088609ad2369d380fdec37c3e88a423495912715a26e353dd5498f7f9e73c895e9f3f18fc7d1e65d2ecaf
-
SSDEEP
24576:nYyUyUxws47SDJ+wfa3ZsacYwzhmT5LOMobxqFFnM9Pv1w+Fus:nYyUyUueD001YwzhmVSMoNqFF
Score 1/10
Target
GeoIPCitys.dll
-
Size
191KB
-
MD5
c070f2421851420e832e4f5989a775a2
-
SHA1
d6af3c48ffbe0fa1e0e54860836d3bbf374b8b46
-
SHA256
d54fd6c5903eea49a75d620d4ba232f8effb1863f5f9c974e4ac0a8fb1904131
-
SHA512
75c3edeb4c16d8e82eedc5595b9c3fde4cbd4a3e9deae1967ad513474920a48e4e9275fdc76f44032b1be570a4ece1a6393c4680af8989f67bcdec039d06798e
-
SSDEEP
3072:87IcHKc0TwY4O6BlLiJxTmd9h1+fJ5uJnjpUoh/ht21hYvpMaoySJHPc8E:8dHV0Tn4pox6d9G4k
Score 1/10
Target
LiveCharts.MAPS.dll
-
Size
53KB
-
MD5
dfee15e4c6efa37e6645d8b47c8581e0
-
SHA1
876140e0855fcd15bfb590431fb7b280d1db4a21
-
SHA256
5b8a9a04f454a2c4da5989fa454a0138d3e5c40712816600f90111b7bf045c40
-
SHA512
4d0e7b0a5642b649c04e54d89e707ec00e79a0fa282eac19b6097b819652045c3e157763b5b2922a4c2252b0877059ef90eb60038280dbfbef9502f421d739df
-
SSDEEP
768:r4gOx89xKERw2U11HI+bZO603JLw8MOrNNLSW5/5xTcb2y1ehVHp:rPKB22HIwwFNuC5N6n+VHp
Score 1/10
Target
LiveCharts.WinForms.dll
-
Size
19KB
-
MD5
76c775d09b24798f6923452e920979b5
-
SHA1
3fe2c79512a0d1153fb07f6640b27106c90d333e
-
SHA256
a5b61c1726304e6b72e09a0f35ddbf52f89a75a4e28e6ed098c8d1df6081b4ad
-
SHA512
eacc093f8ac9401f617df7e07fd68a8a0f1f03aa150283de67ad8c338fcb1520b0f07335547cf533a646ff95f239c92b029f952a706e736bcd9508817c9be0f9
-
SSDEEP
384:F5gNA4m0NkdPbJfGZLifwdNqF8vLvTjzHEhZFUPOxFBVGquJpQ76RqMm:F5gNnrNklJfGZLiAw27jrEhZFyYMm
Score 1/10
Target
LiveCharts.Wpf.dll
-
Size
212KB
-
MD5
e924f79f0b5f3e79c98477d75831813d
-
SHA1
64f71e20e1953b13c771d8a8e63549ad6d64216e
-
SHA256
1bdbb1b5c1a50653e5c26161e9b7c03edc518721a6e10ea180a84049d967106b
-
SHA512
063e9bdbdaf0accb46cef5fdb98b30a97b8a6ba097a80d43a9799ff73e820d1c56d41ca9f71d94497736e3def7fbd0109db4000ab1d9e46cdc96357bf3e15fd1
-
SSDEEP
6144:d/vd0eaDQcUc0GkiTV3bkACA3AloBtefVt+aA2xgKPo1zlW1w:vaErjGkiTV3bkACA3AloBtefVt+aAGBF
Score 1/10
Target
CraxsRat V7.4/CraxsRat V7.4/CraxsRat V7.4.exe
-
Size
62.0MB
-
MD5
d125972b55d437d2dc9e89cfa0e81785
-
SHA1
2b09d5a4eb8a239790393f06b0af1d4cac334b91
-
SHA256
df4a1582b2d000cc4ddac50aec247fa92ba13b3b822f6e05cb529b2eb94a07f7
-
SHA512
7ffa6176d28bf6d17f390726d5cb7f8d6b6f07adeb3b382d2eee4148f5b6ac0693421d4ef3e17b8fb263beaf3997bdb12fcd4c83199f55ab1ae9aa620a33d17d
-
SSDEEP
786432:8c+NX10EPRuHoA5AKF7zR/t6tKF+iS6JkKgApbLKo2:j+NX10qwAMzttZm6CKXxI
Score 3/10
Target
CraxsRat V7.4/CraxsRat V7.4/DrakeUI.Framework.dll
-
Size
1.6MB
-
MD5
0562b4c97f643306df491a938ae636da
-
SHA1
0807c37b711374ed4814a9518c9e264517de89a0
-
SHA256
70e72477f7fe0018e043ce8fe2228a289459058ee41caecd6f05855898bc5b80
-
SHA512
c969cd274b6bf65a34f1d129b6531616a3485a1f153088609ad2369d380fdec37c3e88a423495912715a26e353dd5498f7f9e73c895e9f3f18fc7d1e65d2ecaf
-
SSDEEP
24576:nYyUyUxws47SDJ+wfa3ZsacYwzhmT5LOMobxqFFnM9Pv1w+Fus:nYyUyUueD001YwzhmVSMoNqFF
Score 1/10
Target
CraxsRat V7.4/CraxsRat V7.4/GeoIPCitys.dll
-
Size
191KB
-
MD5
c070f2421851420e832e4f5989a775a2
-
SHA1
d6af3c48ffbe0fa1e0e54860836d3bbf374b8b46
-
SHA256
d54fd6c5903eea49a75d620d4ba232f8effb1863f5f9c974e4ac0a8fb1904131
-
SHA512
75c3edeb4c16d8e82eedc5595b9c3fde4cbd4a3e9deae1967ad513474920a48e4e9275fdc76f44032b1be570a4ece1a6393c4680af8989f67bcdec039d06798e
-
SSDEEP
3072:87IcHKc0TwY4O6BlLiJxTmd9h1+fJ5uJnjpUoh/ht21hYvpMaoySJHPc8E:8dHV0Tn4pox6d9G4k
Score 1/10
Target
CraxsRat V7.4/CraxsRat V7.4/LiveCharts.MAPS.dll
-
Size
53KB
-
MD5
dfee15e4c6efa37e6645d8b47c8581e0
-
SHA1
876140e0855fcd15bfb590431fb7b280d1db4a21
-
SHA256
5b8a9a04f454a2c4da5989fa454a0138d3e5c40712816600f90111b7bf045c40
-
SHA512
4d0e7b0a5642b649c04e54d89e707ec00e79a0fa282eac19b6097b819652045c3e157763b5b2922a4c2252b0877059ef90eb60038280dbfbef9502f421d739df
-
SSDEEP
768:r4gOx89xKERw2U11HI+bZO603JLw8MOrNNLSW5/5xTcb2y1ehVHp:rPKB22HIwwFNuC5N6n+VHp
Score 1/10
Target
CraxsRat V7.4/CraxsRat V7.4/LiveCharts.WinForms.dll
-
Size
19KB
-
MD5
76c775d09b24798f6923452e920979b5
-
SHA1
3fe2c79512a0d1153fb07f6640b27106c90d333e
-
SHA256
a5b61c1726304e6b72e09a0f35ddbf52f89a75a4e28e6ed098c8d1df6081b4ad
-
SHA512
eacc093f8ac9401f617df7e07fd68a8a0f1f03aa150283de67ad8c338fcb1520b0f07335547cf533a646ff95f239c92b029f952a706e736bcd9508817c9be0f9
-
SSDEEP
384:F5gNA4m0NkdPbJfGZLifwdNqF8vLvTjzHEhZFUPOxFBVGquJpQ76RqMm:F5gNnrNklJfGZLiAw27jrEhZFyYMm
Score 1/10
Target
CraxsRat V7.4/CraxsRat V7.4/LiveCharts.Wpf.dll
-
Size
212KB
-
MD5
e924f79f0b5f3e79c98477d75831813d
-
SHA1
64f71e20e1953b13c771d8a8e63549ad6d64216e
-
SHA256
1bdbb1b5c1a50653e5c26161e9b7c03edc518721a6e10ea180a84049d967106b
-
SHA512
063e9bdbdaf0accb46cef5fdb98b30a97b8a6ba097a80d43a9799ff73e820d1c56d41ca9f71d94497736e3def7fbd0109db4000ab1d9e46cdc96357bf3e15fd1
-
SSDEEP
6144:d/vd0eaDQcUc0GkiTV3bkACA3AloBtefVt+aA2xgKPo1zlW1w:vaErjGkiTV3bkACA3AloBtefVt+aAGBF
Score 1/10
Target
CraxsRat V7.4/CraxsRat V7.4/LiveCharts.dll
-
Size
148KB
-
MD5
9642899636959b7fc89bf34a8b998a90
-
SHA1
479a0254d1c9e5565c7d861bb77f54b7eae50c96
-
SHA256
9fcf89837b60f69c1c501e4cfa4d2860887afd0b8f325803367e795a4e3bc9ca
-
SHA512
435dccb57ff3e9d0663770768c866838b19fbaa5b8e79de0ca111d9c73276f016e016d1d268f72cf3435ecac122039764fada952e1a4f68f368b492bb866c9a2
-
SSDEEP
3072:saegvMNVoz3Vlw6/R3z3MV1IdJJGVKWHC2KdxFFT9lzo:VFJlwYMVWY65z
Score 1/10
Target
CraxsRat V7.4/CraxsRat V7.4/NAudio.dll
-
Size
498KB
-
MD5
6ca17abccae3050f391401b2955f9333
-
SHA1
0975b039a793accb58130d6639262cd291d80d5d
-
SHA256
3ad5d09b4c8c3146d15955a564a9f1a57d7c795b189a25c6f722a738d95ef89c
-
SHA512
c08f366aae9baf0e7762f47a2f79d0dee5187a1d7631e5838590b7c12911bdeb6247e0ff860ade36e04f1d6717f919ad98df6d3a1a556bff4b8994db9616ccec
-
SSDEEP
12288:MnXnae2TPlr3zvzar5oRDaw92wP6mai9gs6C:K8lrT+r5ADakP4i9gs
Score 1/10
Target
CraxsRat V7.4/CraxsRat V7.4/Newtonsoft.Json.dll
-
Size
695KB
-
MD5
195ffb7167db3219b217c4fd439eedd6
-
SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8
-
SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
-
SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
-
SSDEEP
12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Score 1/10
Target
CraxsRat V7.4/CraxsRat V7.4/System.IO.Compression.ZipFile.dll
-
Size
24KB
-
MD5
dcda916372128f13ada8b07026c1b3e7
-
SHA1
99d6c187de8510206a93d2eed9c65e65e0c86e72
-
SHA256
b5c12e9099643e2eda9b49edd0d98bdaed153c72a7e8e6235d8e78714402d16a
-
SHA512
d66de5d61cf7090ce2e11ca8064723a44c2fdbd7ed937f1cf4198ebe13083037941b816ad9022d332bbb853666785600fa8b1faca94c498d2f82de73fe1e42f9
-
SSDEEP
384:dK8Y54xRiW3mWeW+mWE3rq0GftpBj52ERHRN7dldBopPI:dKfemqiuEBHoa
Score 1/10