crimsonrat | 9544bb44a22d6b3d15429fd0658cc6acc1e9379f0dcd659f9847f15b1effa934 | Triage

Sharing

General

Target

9544bb44a22d6b3d15429fd0658cc6acc1e9379f0dcd659f9847f15b1effa934
Size

95KB
MD5

897fc3a65f84e1c3db932965a574d982
SHA1

2873f5215cd6e62b4b0a12861fce64685e557fdf
SHA256

9544bb44a22d6b3d15429fd0658cc6acc1e9379f0dcd659f9847f15b1effa934
SHA512

fb6f924f30bd00566a1f0421c8d9439cc0342a156225ec7bc82141bcc42bcbb62ecb616340a80ae1142c0b612ca9579955f0a12d7e372774772621783a890b66
SSDEEP

1536:7t2JjX0QfrogRBbgjYnJ9rZ95gdqYK2CWohWd/pKC4Sz:7t2JD0Q1JZ96CXUxKC4Sz

Score

10^/10

crimsonrat

Malware Config

Signatures

CrimsonRAT Main Payload 1 IoCs

resource	yara_rule
sample	family_crimsonrat

Crimsonrat family
crimsonrat

Files

9544bb44a22d6b3d15429fd0658cc6acc1e9379f0dcd659f9847f15b1effa934
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ