Malware Analysis Report

2024-10-19 10:21

Sample ID: 220121-2r1bksbgb5
Target: fd8ced785e918da29bebe5f49a909794594fec7564477d8db4aa9a170681ea39
SHA256: fd8ced785e918da29bebe5f49a909794594fec7564477d8db4aa9a170681ea39
Tags: crimsonrat
Score: 10/10

Analysis Overview

Score: 10/10

SHA256

fd8ced785e918da29bebe5f49a909794594fec7564477d8db4aa9a170681ea39

Threat Level: Known bad

The file fd8ced785e918da29bebe5f49a909794594fec7564477d8db4aa9a170681ea39 was found to be: Known bad.

Malicious Activity Summary

crimsonrat

CrimsonRAT Main Payload

Crimsonrat family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-01-21 22:49

Signatures

CrimsonRAT Main Payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A
N/A          N/A        N/A      N/A

Crimsonrat family

crimsonrat

Analysis: behavioral4

Detonation Overview

Submitted

2022-01-21 22:49

Reported

2022-01-21 22:53

Platform

win10-en-20211208

Max time kernel

138s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Bhthmars\ignvdmvra.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Bhthmars\ignvdmvra.exe

"C:\Users\Admin\AppData\Local\Temp\Bhthmars\ignvdmvra.exe"

Network

Country  Destination           Domain  Proto
NL       104.80.224.57:443     -       tcp
FR       151.106.14.125:6818   -       tcp
FR       151.106.14.125:3468   -       tcp
FR       151.106.14.125:16418  -       tcp

Files

memory/3804-115-0x0000000001E00000-0x0000000001E02000-memory.dmp

memory/3804-116-0x0000000001E02000-0x0000000001E04000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2022-01-21 22:49

Reported

2022-01-21 22:54

Platform

win7-en-20211208

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ignvdmvra.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ignvdmvra.exe

"C:\Users\Admin\AppData\Local\Temp\ignvdmvra.exe"

Network

Country  Destination           Domain  Proto
FR       151.106.14.125:6818   -       tcp
FR       151.106.14.125:3468   -       tcp
FR       151.106.14.125:16418  -       tcp
FR       151.106.14.125:8722   -       tcp

Files

memory/1628-54-0x0000000000C00000-0x0000000000C02000-memory.dmp

memory/1628-55-0x000007FEF1EE0000-0x000007FEF2F76000-memory.dmp

memory/1628-56-0x0000000000C06000-0x0000000000C25000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-01-21 22:49

Reported

2022-01-21 22:53

Platform

win10-en-20211208

Max time kernel

130s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ignvdmvra.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ignvdmvra.exe

"C:\Users\Admin\AppData\Local\Temp\ignvdmvra.exe"

Network

Country  Destination           Domain  Proto
FR       151.106.14.125:6818   -       tcp
FR       151.106.14.125:3468   -       tcp
FR       151.106.14.125:16418  -       tcp

Files

memory/3004-118-0x0000000002D60000-0x0000000002D62000-memory.dmp

memory/3004-119-0x0000000002D62000-0x0000000002D64000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2022-01-21 22:49

Reported

2022-01-21 22:53

Platform

win7-en-20211208

Max time kernel

153s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Bhthmars\ignvdmvra.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Bhthmars\ignvdmvra.exe

"C:\Users\Admin\AppData\Local\Temp\Bhthmars\ignvdmvra.exe"

Network

Country  Destination           Domain  Proto
FR       151.106.14.125:6818   -       tcp
FR       151.106.14.125:3468   -       tcp
FR       151.106.14.125:16418  -       tcp
FR       151.106.14.125:8722   -       tcp

Files

memory/1568-54-0x00000000003A0000-0x00000000003C2000-memory.dmp

memory/1568-55-0x000007FEF3160000-0x000007FEF41F6000-memory.dmp

memory/1568-56-0x00000000003C6000-0x00000000003E5000-memory.dmp