crimsonrat | 5d558a9df7802486977851c704c37ce168259df48de3cac8714b496b69da2bc8 | Triage

Sharing

General

Target

5d558a9df7802486977851c704c37ce168259df48de3cac8714b496b69da2bc8
Size

9.5MB
MD5

781715280b0045352854aef2069427b1
SHA1

4223ffa99c7de048cd47d574cf8167f3bfd8551d
SHA256

5d558a9df7802486977851c704c37ce168259df48de3cac8714b496b69da2bc8
SHA512

5cc547956733a0aa913ab64fc24b377e05f95d593643359d6cc881b573a65c28cca61970d88a84ad39d540722a48c95763471a5ab7965c955534979711151409
SSDEEP

768:IGlg9bBwdv7Q+rGH1ao43mUrlSESZEIAE9o59GwbQjtzC1tnp:IL9d4ciGH4x9wqIW59GwbKGtn

Score

10^/10

crimsonrat

Malware Config

Signatures

CrimsonRAT Main Payload 1 IoCs

resource	yara_rule
sample	family_crimsonrat

Crimsonrat family
crimsonrat

Files

5d558a9df7802486977851c704c37ce168259df48de3cac8714b496b69da2bc8
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ