crimsonrat | 9f50b0f990b7f89b105ab2c6d99b6bee93c3963f265ee41176d1854996069a40 | Triage

Sharing

General

Target

9f50b0f990b7f89b105ab2c6d99b6bee93c3963f265ee41176d1854996069a40
Size

87KB
MD5

9e73d275202b02b3f0ed23951fda30da
SHA1

fcc8ac89581e1625a05ef54cee9ce8d3a48a8144
SHA256

9f50b0f990b7f89b105ab2c6d99b6bee93c3963f265ee41176d1854996069a40
SHA512

bc2a13759e87b6e6bdabdcaaabd6d30204ea86fc1bcb1ee8586f1aa7453247bd4618e206bc126e57129c16f0806251a8243583f1035241c9adc55d81efe037d3
SSDEEP

1536:8iH2indcJzdjcv+KUv6cvSauqdjcv+KUv6cvSauOiwm/Cu93TTrb:DHdMjiUvRPjiUvRFu93TTrb

Score

10^/10

crimsonrat

Malware Config

Signatures

CrimsonRAT Main Payload 1 IoCs

Processes:

resource	yara_rule
sample	family_crimsonrat

Crimsonrat family
crimsonrat

Files

9f50b0f990b7f89b105ab2c6d99b6bee93c3963f265ee41176d1854996069a40
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ