Analysis Overview
SHA256
67a225feedc5ce4adf75acb41e8b0e746e7daaec779225cd72f860a263b92a6e
Threat Level: Known bad
The file 0D8EEACCA6E4A8237F17DA724B237DA2.exe was found to be: Known bad.
Malicious Activity Summary
CrimsonRAT Main Payload
Crimsonrat family
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-07-30 19:01
Signatures
CrimsonRAT Main Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Crimsonrat family
Analysis: behavioral1
Detonation Overview
Submitted
2021-07-30 19:01
Reported
2021-07-30 19:04
Platform
win7v20210410
Max time kernel
104s
Max time network
145s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\0D8EEACCA6E4A8237F17DA724B237DA2.exe
"C:\Users\Admin\AppData\Local\Temp\0D8EEACCA6E4A8237F17DA724B237DA2.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 191.101.172.44:4125 | | tcp |
| N/A | 191.101.172.44:6522 | | tcp |
Files
memory/1072-60-0x0000000000A20000-0x0000000000A22000-memory.dmp
memory/1072-59-0x000007FEF2B30000-0x000007FEF3BC6000-memory.dmp
memory/1072-61-0x0000000000A26000-0x0000000000A45000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2021-07-30 19:01
Reported
2021-07-30 19:03
Platform
win10v20210408
Max time kernel
104s
Max time network
144s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\0D8EEACCA6E4A8237F17DA724B237DA2.exe
"C:\Users\Admin\AppData\Local\Temp\0D8EEACCA6E4A8237F17DA724B237DA2.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 191.101.172.44:4125 | | tcp |
| N/A | 191.101.172.44:6522 | | tcp |
Files
memory/992-114-0x0000000002AB0000-0x0000000002AB2000-memory.dmp
memory/992-115-0x0000000002AB2000-0x0000000002AB4000-memory.dmp