Static task: static1
Behavioral task: behavioral1
Sample: fe04712df428e50a363a85db3bfe4503cad0b67449175f12a1a5eaff656348da.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: fe04712df428e50a363a85db3bfe4503cad0b67449175f12a1a5eaff656348da.exe
Resource: win10-en-20211208
General
Target: fe04712df428e50a363a85db3bfe4503cad0b67449175f12a1a5eaff656348da
Size: 9.7MB
MD5: 5800ee7adeb563532bba5477f6af571d
SHA1: 000665d287552cd4c4198ee7160c758832e047ea
SHA256: fe04712df428e50a363a85db3bfe4503cad0b67449175f12a1a5eaff656348da
SHA512: 53e66c657fc0fc7958c5cc4720d4910fd3940f0c716368da9d7b91225171dd5ccdc86f32b67694fd4f799da19343df39434e2bf4fa04fc40a426f3bfc42c1378
SSDEEP: 1536:V6Y3A6XeDwod4ofOIGm4LZacjwYIQWCKiED9+yu5d:Vz3A6XeDbmvM4UnEWXi++vd
Malware Config
Signatures
CrimsonRAT Main Payload 1 IoCs
Processes:
resource: sample, yara_rule: family_crimsonrat
Crimsonrat family
Files
fe04712df428e50a363a85db3bfe4503cad0b67449175f12a1a5eaff656348da.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 9.6MB - Virtual size: 9.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ