Malware Analysis Report

2024-10-19 10:21

Sample ID 220121-2vxd4abhf2
Target ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6
SHA256 ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6
Tags
crimsonrat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6

Threat Level: Known bad

The file ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6 was found to be: Known bad.

Malicious Activity Summary

crimsonrat

CrimsonRAT Main Payload

Crimsonrat family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-01-21 22:54

Signatures

CrimsonRAT Main Payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Crimsonrat family

crimsonrat

Analysis: behavioral1

Detonation Overview

Submitted

2022-01-21 22:54

Reported

2022-01-21 23:06

Platform

win7-en-20211208

Max time kernel

155s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6.exe

"C:\Users\Admin\AppData\Local\Temp\ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6.exe"

Network

Country  Destination           Domain  Proto
CA       167.114.138.12:6828   -       tcp
CA       167.114.138.12:8661   -       tcp
CA       167.114.138.12:10614  -       tcp
CA       167.114.138.12:14822  -       tcp

Files

memory/1608-54-0x0000000000C40000-0x0000000000C42000-memory.dmp

memory/1608-55-0x000007FEF2F00000-0x000007FEF3F96000-memory.dmp

memory/1608-56-0x0000000000C46000-0x0000000000C65000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-01-21 22:54

Reported

2022-01-21 23:06

Platform

win10-en-20211208

Max time kernel

153s

Max time network

159s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6.exe

"C:\Users\Admin\AppData\Local\Temp\ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6.exe"

Network

Country  Destination           Domain  Proto
CA       167.114.138.12:6828   -       tcp
CA       167.114.138.12:8661   -       tcp
CA       167.114.138.12:10614  -       tcp
CA       167.114.138.12:14822  -       tcp

Files

memory/2604-115-0x00000000029F0000-0x0000000002A00000-memory.dmp

memory/2604-116-0x00000000029F0000-0x0000000002A00000-memory.dmp