crimsonrat | e3844f43afbc510d0b5c6f77e482711bbbb3dcae8e04b2f7200a11eff27c029d | Triage

Sharing

General

Target

e3844f43afbc510d0b5c6f77e482711bbbb3dcae8e04b2f7200a11eff27c029d
Size

1.8MB
Sample

220121-2zf8nscdaq
MD5

b155618591b4179a7271c92035d13657
SHA1

08baa0e21ef266d225ef91bcf93f7214d7bcb73f
SHA256

e3844f43afbc510d0b5c6f77e482711bbbb3dcae8e04b2f7200a11eff27c029d
SHA512

c8277b0fbf409807fe26eaa42444f1a3cc52499fe0db690c36fec082374e6d1e105f557a659a117116b53862faa8fbc6fe84fd2c2abcf453f8bd5dc46f81bf2f

Score

10^/10

crimsonrat rat

Malware Config

Targets

- Target
  
  BHC-PR/BHC PR - British Airways Restarts Flights to Pakistan.exe
- Size
  
  265KB
- MD5
  
  aa2081abe728ee1cc658dd0362bc464f
- SHA1
  
  811cc8f3095fee20a1c6f5041c243fbf39ae8fcf
- SHA256
  
  a22f6dc3eb0001c2be76d261721a1c1f419e15f6b5bfff95c5b8a5f633ce1956
- SHA512
  
  621883b9cc461656f9f70e3f4dcd26f5827a007cc194d535bba414f5f8b406ee0f2edd6269617a2a947dfb60ea2c0176e840798802c6c8fb9ffb9a55c511f5f1
Score

10^/10

crimsonrat rat
- CrimsonRAT Main Payload
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  BHC-PR/British High Commission Peter Emmerson.exe
- Size
  
  1006KB
- MD5
  
  c19114fc0d83113a32c5b22b8863dcc1
- SHA1
  
  3d3e58b4009c10d3a842a45925132e7482cfcdac
- SHA256
  
  c9cdd5a5b0701a4d311e0264f5bcec49fa500dde81ff8dbaa081be032b0c0446
- SHA512
  
  c8973c8055ea42c2ca50dffa743bde646de55eda3bc1c4b669cff05ac0f9cef5edccb9c735e5a2e9d88d2f9fd0e2c0e7b4cf538405cea39463e6a4a0feffd997
Score

10^/10

crimsonrat rat
- CrimsonRAT Main Payload
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
- Executes dropped EXE
behavioral3 behavioral4
- Target
  
  BHC-PR/British High Commission Press Release - GREAT Debate Islamabad 2020.exe
- Size
  
  267KB
- MD5
  
  f6dab5861b5907b39004712c58bbfb04
- SHA1
  
  d5e8b77806150ba31efd82e05db7e678a3f52874
- SHA256
  
  567b82c892f10a5cc6d0286c5777e7462cec7182eba81db7dd7de53d1e8d3274
- SHA512
  
  b2dfc9ee64521d25a19e2867cf3446e06bde9c65988ff3e2924d8a8eee76f4553ba0cdc9e953f848d3c6a8e96d0d57874cb0df6fc94dc2402425d4634109e16c
Score

10^/10

crimsonrat rat
- CrimsonRAT Main Payload
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
- Executes dropped EXE
behavioral5 behavioral6
- Target
  
  BHC-PR/British High Commission Rhinnon Mills receipts.exe
- Size
  
  706KB
- MD5
  
  b3ec999208c86b7a635cc3d2474793ec
- SHA1
  
  091603e621eb2f30a38464fae3a758be39f5beb8
- SHA256
  
  93f2358f631d4bf5a1f16b40c5bb9479dbda492d6e96c2fd9760854d219faab1
- SHA512
  
  74eda3e3b410e44773ac6ad4e54938bab9f306f1a1036c93e8d509a7419d400e0974dd585b4b7ee5e640477231fe1e73f24957662f12b98d6109478ab9b4cdf4
Score

10^/10

crimsonrat rat
- CrimsonRAT Main Payload
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
- Executes dropped EXE
behavioral7 behavioral8
- Target
  
  BHC-PR/British High Commission Rhinnon Mills.exe
- Size
  
  687KB
- MD5
  
  41120771530675f31125936f630d7a67
- SHA1
  
  9f55015e9bfbb65f0a5b2ad8deaea1df67660fec
- SHA256
  
  1bf6dc9af6dd730120f598d02f139f5a7776993afe29679f83a3d2fda3599736
- SHA512
  
  62c4c55cf8b9c987c064300210ce746242565d4e3b0ff0008cbcf5fac4668e4cc14d007caa697dcb3774fb1ec679646cb4bff3f012ef0e104870277fcd5f7e58
Score

10^/10

crimsonrat rat
- CrimsonRAT Main Payload
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
- Executes dropped EXE
behavioral9 behavioral10
- Target
  
  BHC-PR/British High Commission Urdu Press Release - GREAT Debate Islamabad 2020.exe
- Size
  
  269KB
- MD5
  
  336848d6de6faa8e8d737570046b0321
- SHA1
  
  84c33015a30fcfe38faa294820782c1f2f68da06
- SHA256
  
  e7dbf1eacfbd73576b0e410099898e4c7e2d51d76fe3095314dee1b54860bf4f
- SHA512
  
  85196ede8187b9f8711547fc1fc5f497edd8c9083d29b23ce2d2ac18a83fdc81cde2a38e9fb98de89e927cc016c04db9457dff14255679b5ed047a18d7334cfe
Score

10^/10

crimsonrat rat
- CrimsonRAT Main Payload
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
- Executes dropped EXE
behavioral11 behavioral12

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12