Malware Analysis Report

2024-10-19 10:21

Sample ID: 210730-a3qmrz1r82
Target: 0D8EEACCA6E4A8237F17DA724B237DA2.exe
SHA256: 67a225feedc5ce4adf75acb41e8b0e746e7daaec779225cd72f860a263b92a6e
Tags: crimsonrat
Score: 10/10


Analysis Overview

Score: 10/10

SHA256: 67a225feedc5ce4adf75acb41e8b0e746e7daaec779225cd72f860a263b92a6e

Threat Level: Known bad

The file 0D8EEACCA6E4A8237F17DA724B237DA2.exe was found to be: Known bad.

Malicious Activity Summary

crimsonrat

CrimsonRAT Main Payload

Crimsonrat family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2021-07-30 19:01

Signatures

CrimsonRAT Main Payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Crimsonrat family

crimsonrat

Analysis: behavioral1

Detonation Overview

Submitted: 2021-07-30 19:01
Reported: 2021-07-30 19:04
Platform: win7v20210410
Max time kernel: 104s
Max time network: 145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0D8EEACCA6E4A8237F17DA724B237DA2.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0D8EEACCA6E4A8237F17DA724B237DA2.exe

"C:\Users\Admin\AppData\Local\Temp\0D8EEACCA6E4A8237F17DA724B237DA2.exe"

Network

Country  Destination          Domain  Proto
N/A      191.101.172.44:4125          tcp
N/A      191.101.172.44:6522          tcp

Files

memory/1072-60-0x0000000000A20000-0x0000000000A22000-memory.dmp

memory/1072-59-0x000007FEF2B30000-0x000007FEF3BC6000-memory.dmp

memory/1072-61-0x0000000000A26000-0x0000000000A45000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2021-07-30 19:01
Reported: 2021-07-30 19:03
Platform: win10v20210408
Max time kernel: 104s
Max time network: 144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0D8EEACCA6E4A8237F17DA724B237DA2.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0D8EEACCA6E4A8237F17DA724B237DA2.exe

"C:\Users\Admin\AppData\Local\Temp\0D8EEACCA6E4A8237F17DA724B237DA2.exe"

Network

Country  Destination          Domain  Proto
N/A      191.101.172.44:4125          tcp
N/A      191.101.172.44:6522          tcp

Files

memory/992-114-0x0000000002AB0000-0x0000000002AB2000-memory.dmp

memory/992-115-0x0000000002AB2000-0x0000000002AB4000-memory.dmp