crimsonrat | deeb84b07542eaa9efd4db44bf8e9ab15b9056930962352d458852410c57e3b2 | Triage

Sharing

General

Target

deeb84b07542eaa9efd4db44bf8e9ab15b9056930962352d458852410c57e3b2
Size

413KB
MD5

1d23a626be05b79ca2334c1ccec825cc
SHA1

2abf7b1bb66f2b1807fe78748078738764fa74d5
SHA256

deeb84b07542eaa9efd4db44bf8e9ab15b9056930962352d458852410c57e3b2
SHA512

7be3a82eb65da509f24369c289c5c092ad865728a025e54a75ad7305a2318a8b1386d9e5384116094a3b774e93c099f02e4b0bdb938a29c2533f4b564393facb
SSDEEP

3072:OEiKG/SJw3P4V0WOdHa4vCaIy+9EEcBLKHa4eeSUoww:riKG/SCf4V0WOdHa4qaI993

Score

10^/10

crimsonrat

Malware Config

Signatures

CrimsonRAT Main Payload 1 IoCs

resource	yara_rule
sample	family_crimsonrat

Crimsonrat family
crimsonrat

Files

deeb84b07542eaa9efd4db44bf8e9ab15b9056930962352d458852410c57e3b2
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ