Analysis Overview
SHA256
fd8ced785e918da29bebe5f49a909794594fec7564477d8db4aa9a170681ea39
Threat Level: Known bad
The file fd8ced785e918da29bebe5f49a909794594fec7564477d8db4aa9a170681ea39 was found to be: Known bad.
Malicious Activity Summary
CrimsonRAT Main Payload
Crimsonrat family
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-01-21 22:49
Signatures
CrimsonRAT Main Payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Crimsonrat family
Analysis: behavioral4
Detonation Overview
Submitted
2022-01-21 22:49
Reported
2022-01-21 22:53
Platform
win10-en-20211208
Max time kernel
138s
Max time network
138s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Bhthmars\ignvdmvra.exe
"C:\Users\Admin\AppData\Local\Temp\Bhthmars\ignvdmvra.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| NL | 104.80.224.57:443 | | tcp |
| FR | 151.106.14.125:6818 | | tcp |
| FR | 151.106.14.125:3468 | | tcp |
| FR | 151.106.14.125:16418 | | tcp |
Files
memory/3804-115-0x0000000001E00000-0x0000000001E02000-memory.dmp
memory/3804-116-0x0000000001E02000-0x0000000001E04000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2022-01-21 22:49
Reported
2022-01-21 22:54
Platform
win7-en-20211208
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\ignvdmvra.exe
"C:\Users\Admin\AppData\Local\Temp\ignvdmvra.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| FR | 151.106.14.125:6818 | | tcp |
| FR | 151.106.14.125:3468 | | tcp |
| FR | 151.106.14.125:16418 | | tcp |
| FR | 151.106.14.125:8722 | | tcp |
Files
memory/1628-54-0x0000000000C00000-0x0000000000C02000-memory.dmp
memory/1628-55-0x000007FEF1EE0000-0x000007FEF2F76000-memory.dmp
memory/1628-56-0x0000000000C06000-0x0000000000C25000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-01-21 22:49
Reported
2022-01-21 22:53
Platform
win10-en-20211208
Max time kernel
130s
Max time network
137s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\ignvdmvra.exe
"C:\Users\Admin\AppData\Local\Temp\ignvdmvra.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| FR | 151.106.14.125:6818 | | tcp |
| FR | 151.106.14.125:3468 | | tcp |
| FR | 151.106.14.125:16418 | | tcp |
Files
memory/3004-118-0x0000000002D60000-0x0000000002D62000-memory.dmp
memory/3004-119-0x0000000002D62000-0x0000000002D64000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2022-01-21 22:49
Reported
2022-01-21 22:53
Platform
win7-en-20211208
Max time kernel
153s
Max time network
127s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Bhthmars\ignvdmvra.exe
"C:\Users\Admin\AppData\Local\Temp\Bhthmars\ignvdmvra.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| FR | 151.106.14.125:6818 | | tcp |
| FR | 151.106.14.125:3468 | | tcp |
| FR | 151.106.14.125:16418 | | tcp |
| FR | 151.106.14.125:8722 | | tcp |
Files
memory/1568-54-0x00000000003A0000-0x00000000003C2000-memory.dmp
memory/1568-55-0x000007FEF3160000-0x000007FEF41F6000-memory.dmp
memory/1568-56-0x00000000003C6000-0x00000000003E5000-memory.dmp