Malware Analysis Report

2024-10-19 10:21

Sample ID 220121-2vyl6abhf4
Target ecad65cf452d0f7586c8d08bc15576e5ac85ade2565e515485574cdae979bd3e
SHA256 ecad65cf452d0f7586c8d08bc15576e5ac85ade2565e515485574cdae979bd3e
Tags
crimsonrat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ecad65cf452d0f7586c8d08bc15576e5ac85ade2565e515485574cdae979bd3e

Threat Level: Known bad

The file ecad65cf452d0f7586c8d08bc15576e5ac85ade2565e515485574cdae979bd3e was found to be: Known bad.

Malicious Activity Summary

crimsonrat

CrimsonRAT Main Payload

Crimsonrat family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-01-21 22:54

Signatures

CrimsonRAT Main Payload

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Crimsonrat family

crimsonrat

Analysis: behavioral1

Detonation Overview

Submitted

2022-01-21 22:54

Reported

2022-01-21 23:06

Platform

win7-en-20211208

Max time kernel

124s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ecad65cf452d0f7586c8d08bc15576e5ac85ade2565e515485574cdae979bd3e.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ecad65cf452d0f7586c8d08bc15576e5ac85ade2565e515485574cdae979bd3e.exe

"C:\Users\Admin\AppData\Local\Temp\ecad65cf452d0f7586c8d08bc15576e5ac85ade2565e515485574cdae979bd3e.exe"

Network

Country  Destination           Domain  Proto
GB       95.168.176.141:4864   -       tcp
GB       95.168.176.141:5861   -       tcp
GB       95.168.176.141:13486  -       tcp

No domain is recorded for any of these connections: the sample reached 95.168.176.141 by IP address directly, with no DNS lookup in the capture, so the address is most likely embedded in the binary. "GB" is the geolocation of the address, not an attribution of whoever operates it. All three connections go to the same host on different high TCP ports within the 134 s capture window.

Files

memory/1540-54-0x0000000075891000-0x0000000075893000-memory.dmp

memory/1540-55-0x0000000000640000-0x0000000000641000-memory.dmp

Both dumps come from process 1540 (the sample itself; the name encodes process ID, dump index, and the start and end address of the region). The regions are small: 0x2000 bytes (8 KiB) at 0x75891000 and 0x1000 bytes (4 KiB) at 0x640000.

Analysis: behavioral2

Detonation Overview

Submitted

2022-01-21 22:54

Reported

2022-01-21 23:06

Platform

win10-en-20211208

Max time kernel

154s

Max time network

161s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ecad65cf452d0f7586c8d08bc15576e5ac85ade2565e515485574cdae979bd3e.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ecad65cf452d0f7586c8d08bc15576e5ac85ade2565e515485574cdae979bd3e.exe

"C:\Users\Admin\AppData\Local\Temp\ecad65cf452d0f7586c8d08bc15576e5ac85ade2565e515485574cdae979bd3e.exe"

Network

Country  Destination           Domain  Proto
GB       95.168.176.141:4864   -       tcp
GB       95.168.176.141:5861   -       tcp
GB       95.168.176.141:13486  -       tcp
GB       95.168.176.141:16672  -       tcp

As in the Windows 7 run, no domain is recorded, so the host was contacted by hardcoded IP. This run additionally reached a fourth port, 16672, that the Windows 7 run did not: the sample evidently cycles through several ports on the same host, so a detection keyed on a single port (or on a single run's port list) will miss it. Block or alert on the host, and treat the port list as open-ended.
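
The script below is an added example, not part of the sandbox report and not code from the CrimsonRAT sample. It parses the Network rows from both behavioral runs into (ip, port, proto) indicators, matches them against a constructed Zeek-style conn.log excerpt (the 10.0.0.0/8 client hosts, timestamps and the 443/53 flows are assumptions), and emits Suricata rules for the exact host:port pairs. Because the port set differs between the two runs, a connection to the same host on an unlisted port is reported as a weaker "host-only" hit rather than ignored. Only the 95.168.176.141 rows come from the report; the SID range is arbitrary.

```python
"""
C2 indicator extraction and matching for the sandbox report above.
Added example; the only report data used is the Network table.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Network rows copied from the two behavioral runs (domain column empty in the report).
REPORT_NETWORK_ROWS = """\
Country Destination Domain Proto
GB 95.168.176.141:4864 tcp
GB 95.168.176.141:5861 tcp
GB 95.168.176.141:13486 tcp
GB 95.168.176.141:4864 tcp
GB 95.168.176.141:5861 tcp
GB 95.168.176.141:13486 tcp
GB 95.168.176.141:16672 tcp
"""

# "CC ip:port [domain] proto"; the domain column is optional because it is empty here.
ROW_RE = re.compile(
    r"^(?P<country>[A-Z]{2})\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?:(?P<domain>\S+)\s+)?"
    r"(?P<proto>tcp|udp)$"
)


@dataclass(frozen=True)
class Indicator:
    ip: str
    port: int
    proto: str


@dataclass(frozen=True)
class Hit:
    orig_h: str
    resp_h: str
    resp_p: int
    verdict: str  # "exact" (ip+port+proto listed) or "host-only" (ip listed, port not)


def parse_indicators(text: str) -> set[Indicator]:
    """Parse the report's Network rows; duplicates across runs collapse into one set."""
    found: set[Indicator] = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country"):
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised network row: {line!r}")
        found.add(Indicator(m["ip"], int(m["port"]), m["proto"]))
    return found


# Constructed Zeek conn.log subset (tab separated):
# ts  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
SAMPLE_CONN_LOG = """\
1642805700.1\t10.0.0.15\t49712\t95.168.176.141\t4864\ttcp
1642805702.4\t10.0.0.15\t49713\t95.168.176.141\t443\ttcp
1642805705.9\t10.0.0.22\t49801\t95.168.176.141\t16672\ttcp
1642805710.0\t10.0.0.22\t53012\t8.8.8.8\t53\tudp
"""


def match_connections(conn_log: str, indicators: set[Indicator]) -> list[Hit]:
    """Flag flows to a listed host; exact port matches and host-only matches are kept apart."""
    known_hosts = {ind.ip for ind in indicators}
    hits: list[Hit] = []
    for line in conn_log.splitlines():
        if not line.strip():
            continue
        _ts, orig_h, _orig_p, resp_h, resp_p, proto = line.split("\t")
        port = int(resp_p)
        if Indicator(resp_h, port, proto) in indicators:
            hits.append(Hit(orig_h, resp_h, port, "exact"))
        elif resp_h in known_hosts:
            # Same C2 host, port not seen in the sandbox: still worth an alert,
            # since the two runs already disagree on the port list.
            hits.append(Hit(orig_h, resp_h, port, "host-only"))
    return hits


def suricata_rules(indicators: set[Indicator], sid_base: int = 9000001) -> list[str]:
    """One rule per exact host:port pair, in a stable order so SIDs do not shuffle."""
    rules = []
    for i, ind in enumerate(sorted(indicators, key=lambda x: (x.ip, x.port))):
        rules.append(
            f"alert {ind.proto} $HOME_NET any -> {ind.ip} {ind.port} "
            f'(msg:"CrimsonRAT C2 {ind.ip}:{ind.port} (sandbox report ecad65cf)"; '
            f"flow:to_server; sid:{sid_base + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    inds = parse_indicators(REPORT_NETWORK_ROWS)
    for rule in suricata_rules(inds):
        print(rule)
    for hit in match_connections(SAMPLE_CONN_LOG, inds):
        print(hit)
```

The host-only branch is the part that matters operationally: the two runs above together show four ports on one IP, and nothing guarantees a fifth will not appear, so a rule set built only from exact pairs should be paired with a host-level alert.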

Files

memory/2692-115-0x0000000002300000-0x0000000002301000-memory.dmp

A single 0x1000-byte (4 KiB) region at 0x2300000 from process 2692, the sample's own process in this run.