Analysis Overview
SHA256
e4fd6452566102631a74d55b5a74b3fc5a2b7431144fb0ecf9f9fe64489a7409
Threat Level: Known bad
The file e4fd6452566102631a74d55b5a74b3fc5a2b7431144fb0ecf9f9fe64489a7409 was found to be: Known bad.
Malicious Activity Summary
CrimsonRAT Main Payload
Crimsonrat family
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-01-21 22:57
Signatures
CrimsonRAT Main Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Crimsonrat family
Analysis: behavioral1
Detonation Overview
Submitted
2022-01-21 22:57
Reported
2022-01-21 23:12
Platform
win7-en-20211208
Max time kernel
151s
Max time network
154s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\e4fd6452566102631a74d55b5a74b3fc5a2b7431144fb0ecf9f9fe64489a7409.exe
"C:\Users\Admin\AppData\Local\Temp\e4fd6452566102631a74d55b5a74b3fc5a2b7431144fb0ecf9f9fe64489a7409.exe"
Network
| Country | Destination | Domain | Proto |
| AU | 181.215.47.169:3368 | tcp | |
| AU | 181.215.47.169:6728 | tcp | |
| AU | 181.215.47.169:15418 | tcp | |
| AU | 181.215.47.169:8822 | tcp |
Files
memory/744-54-0x0000000002A90000-0x0000000002A92000-memory.dmp
memory/744-55-0x000007FEF23C0000-0x000007FEF3456000-memory.dmp
memory/744-56-0x0000000002A96000-0x0000000002AB5000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-01-21 22:57
Reported
2022-01-21 23:11
Platform
win10-en-20211208
Max time kernel
126s
Max time network
143s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\e4fd6452566102631a74d55b5a74b3fc5a2b7431144fb0ecf9f9fe64489a7409.exe
"C:\Users\Admin\AppData\Local\Temp\e4fd6452566102631a74d55b5a74b3fc5a2b7431144fb0ecf9f9fe64489a7409.exe"
Network
| Country | Destination | Domain | Proto |
| AU | 181.215.47.169:3368 | tcp | |
| AU | 181.215.47.169:6728 | tcp | |
| AU | 181.215.47.169:15418 | tcp |
Files
memory/1816-115-0x0000000002C00000-0x0000000002C02000-memory.dmp
memory/1816-116-0x0000000002C02000-0x0000000002C04000-memory.dmp