crimsonrat | 84fb5d99db36d869cf03b6b3c559fa976d0ea17e112e91596ddc0b0079a6b2e0 | Triage

Sharing

General

Target

84fb5d99db36d869cf03b6b3c559fa976d0ea17e112e91596ddc0b0079a6b2e0
Size

177KB
MD5

5a6bec1a9c38f6857525cca40f64b2ed
SHA1

7b930d3516d1396a4f374ee30339e2003714e51a
SHA256

84fb5d99db36d869cf03b6b3c559fa976d0ea17e112e91596ddc0b0079a6b2e0
SHA512

463df2bc985d32e852c6ad036cd1e5c403e188662ff9dde34037abf7c92b861c638411b53cf028ff267568244b145f2ec1dd015733c532c0d214c510d19f33b6
SSDEEP

1536:Dl96bUDUgvSp2ZXT1Gu9wDfd/0OhDDJWiEUyy/by5gxxG:DGbUDBNSu9wDF/0OhDDJWiEUyy/m

Score

10^/10

crimsonrat

Malware Config

Signatures

CrimsonRAT Main Payload 1 IoCs

Processes:

resource	yara_rule
sample	family_crimsonrat

Crimsonrat family
crimsonrat

Files

84fb5d99db36d869cf03b6b3c559fa976d0ea17e112e91596ddc0b0079a6b2e0
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ