Analysis Overview
SHA256
e0e33f6a80bd4bab7ea7b21d64e2632d9d769aa8994ece8fae9fc358b85514d5
Threat Level: Known bad
The file e0e33f6a80bd4bab7ea7b21d64e2632d9d769aa8994ece8fae9fc358b85514d5 was found to be: Known bad.
Malicious Activity Summary
CrimsonRAT Main Payload
Crimsonrat family
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-01-21 23:02
Signatures
CrimsonRAT Main Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Crimsonrat family
Analysis: behavioral1
Detonation Overview
Submitted
2022-01-21 23:01
Reported
2022-01-21 23:16
Platform
win7-en-20211208
Max time kernel
131s
Max time network
147s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\e0e33f6a80bd4bab7ea7b21d64e2632d9d769aa8994ece8fae9fc358b85514d5.exe
"C:\Users\Admin\AppData\Local\Temp\e0e33f6a80bd4bab7ea7b21d64e2632d9d769aa8994ece8fae9fc358b85514d5.exe"
Network
| Country | Destination | Domain | Proto |
| US | 107.175.64.251:6286 | tcp | |
| US | 107.175.64.251:4486 | tcp |
Files
memory/1724-55-0x0000000000780000-0x0000000000782000-memory.dmp
memory/1724-56-0x000007FEF2F10000-0x000007FEF3FA6000-memory.dmp
memory/1724-57-0x0000000000786000-0x00000000007A5000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-01-21 23:01
Reported
2022-01-21 23:17
Platform
win10-en-20211208
Max time kernel
154s
Max time network
164s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\e0e33f6a80bd4bab7ea7b21d64e2632d9d769aa8994ece8fae9fc358b85514d5.exe
"C:\Users\Admin\AppData\Local\Temp\e0e33f6a80bd4bab7ea7b21d64e2632d9d769aa8994ece8fae9fc358b85514d5.exe"
Network
| Country | Destination | Domain | Proto |
| US | 107.175.64.251:6286 | tcp | |
| US | 107.175.64.251:4486 | tcp | |
| US | 107.175.64.251:8249 | tcp |
Files
memory/2736-115-0x0000000002F00000-0x0000000002F02000-memory.dmp
memory/2736-116-0x0000000002F02000-0x0000000002F04000-memory.dmp