crimsonrat | 97d3eadbe9b85aeb07a0ad9fe11ff36fb34d60d4968917f9c8e3e89688e3c437 | Triage

Sharing

General

Target

97d3eadbe9b85aeb07a0ad9fe11ff36fb34d60d4968917f9c8e3e89688e3c437
Size

108KB
MD5

f1a2caf0dd7922ea3a64231fd5af7715
SHA1

8afaec7a8d1e17bbf18c3a00bd13a2af5901711f
SHA256

97d3eadbe9b85aeb07a0ad9fe11ff36fb34d60d4968917f9c8e3e89688e3c437
SHA512

02373a97b7772a1b0bc1a2d405d94861b120c1fb05e43bddfcdc1ac08a161ce41c1b5869f9b18bd568c79153ace44f68f7b02016640084a678227d0d975bb86a
SSDEEP

1536:nF6sP/B7WY7CjLXdvdJyaR/wCmJ49H/hLlLup36WnJ:EgoY7CHXP00B9H/hl0j

Score

10^/10

crimsonrat

Malware Config

Signatures

CrimsonRAT Main Payload 1 IoCs

resource	yara_rule
sample	family_crimsonrat

Crimsonrat family
crimsonrat

Files

97d3eadbe9b85aeb07a0ad9fe11ff36fb34d60d4968917f9c8e3e89688e3c437
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ