Technical Analysis of EagleSpy V6.0 (CraxsRAT Rebrand) Distributed Through Odysee and Telegram

The post details an investigation into EagleSpy V6.0, a rebranded version of CraxsRAT, sold via Odysee and Telegram. The malware includes features such as banking phishing overlays, crypto wallet theft, remote shell execution, keylogging, and ransomware components, along with evasion techniques like DEX packers. The seller scammed the investigator after payment and blocked communication, while the analysis revealed real victim infrastructure and potential risks to buyers. The malware is distributed through the Odysee channel @justicerat:e and Telegram handle @JustIcedevs.