Analysis Overview
SHA256
ecad65cf452d0f7586c8d08bc15576e5ac85ade2565e515485574cdae979bd3e
Threat Level: Known bad
The file ecad65cf452d0f7586c8d08bc15576e5ac85ade2565e515485574cdae979bd3e was found to be: Known bad.
Malicious Activity Summary
CrimsonRAT Main Payload
Crimsonrat family
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-01-21 22:54
Signatures
CrimsonRAT Main Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Crimsonrat family
Analysis: behavioral1
Detonation Overview
Submitted
2022-01-21 22:54
Reported
2022-01-21 23:06
Platform
win7-en-20211208
Max time kernel
124s
Max time network
134s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\ecad65cf452d0f7586c8d08bc15576e5ac85ade2565e515485574cdae979bd3e.exe
"C:\Users\Admin\AppData\Local\Temp\ecad65cf452d0f7586c8d08bc15576e5ac85ade2565e515485574cdae979bd3e.exe"
Network
| Country | Destination | Domain | Proto |
| GB | 95.168.176.141:4864 | | tcp |
| GB | 95.168.176.141:5861 | | tcp |
| GB | 95.168.176.141:13486 | | tcp |
Files
memory/1540-54-0x0000000075891000-0x0000000075893000-memory.dmp
memory/1540-55-0x0000000000640000-0x0000000000641000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-01-21 22:54
Reported
2022-01-21 23:06
Platform
win10-en-20211208
Max time kernel
154s
Max time network
161s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\ecad65cf452d0f7586c8d08bc15576e5ac85ade2565e515485574cdae979bd3e.exe
"C:\Users\Admin\AppData\Local\Temp\ecad65cf452d0f7586c8d08bc15576e5ac85ade2565e515485574cdae979bd3e.exe"
Network
| Country | Destination | Domain | Proto |
| GB | 95.168.176.141:4864 | | tcp |
| GB | 95.168.176.141:5861 | | tcp |
| GB | 95.168.176.141:13486 | | tcp |
| GB | 95.168.176.141:16672 | | tcp |
Files
memory/2692-115-0x0000000002300000-0x0000000002301000-memory.dmp