Static task
static1
Behavioral task
behavioral1
Sample
ee84f4b188c1c76e1b98ec4821ef90bb600a3ea89c2a84ee44a1f89712565a22.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
ee84f4b188c1c76e1b98ec4821ef90bb600a3ea89c2a84ee44a1f89712565a22.exe
Resource
win10-en-20211208
General
-
Target
ee84f4b188c1c76e1b98ec4821ef90bb600a3ea89c2a84ee44a1f89712565a22
-
Size
9.6MB
-
MD5
d8f3992dd81b1cfda4fc4b95337117ff
-
SHA1
526f4fc3fcdc0d3e0a7c7e7c23d4617140189a47
-
SHA256
ee84f4b188c1c76e1b98ec4821ef90bb600a3ea89c2a84ee44a1f89712565a22
-
SHA512
08b09529b5c3e7429d9f65d9136177d108d0bb7d0a8a116f96bb789d6035157e00482cd72a7cdb1b772d026021d290829223db255844ee36cd483fd8b4772ac3
-
SSDEEP
384:niUvizAKJVsce0k+4+Y1v9XEA8KW6TdlbGxRHOJL2QxrNbSyskPMFQC7wW9WvSZ:iUvi/VsVx+Y1v9d8fQbIQvkj4r
Malware Config
Signatures
-
CrimsonRAT Main Payload 1 IoCs
Processes:
resource yara_rule sample family_crimsonrat -
Crimsonrat family
Files
-
ee84f4b188c1c76e1b98ec4821ef90bb600a3ea89c2a84ee44a1f89712565a22.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 9.6MB - Virtual size: 9.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ