crimsonrat | a86e18190270888e9b8703a05c08588ab7fa841fea08ee667accc331c92e642f | Triage

Sharing

General

Target

a86e18190270888e9b8703a05c08588ab7fa841fea08ee667accc331c92e642f
Size

59KB
MD5

3ff165ee68d1bc03ae7d4d3baf99b963
SHA1

4ff623b234d7c72d3a8e12cdf90561bdd65be711
SHA256

a86e18190270888e9b8703a05c08588ab7fa841fea08ee667accc331c92e642f
SHA512

9a24e152b5ca8fff5e5a814f5d2aff8a43525451784a439872d2492ef4032cc27e0759befd3dee6ade5f44c2b85ca331c7044cc0d9a991dedbe87f84b596a7a5
SSDEEP

1536:6vInaN0FHToBi5iZeJ2C/abWssoxb9bkrAVI:h3F4Yi5TZ9bkrAu

Score

10^/10

crimsonrat

Malware Config

Signatures

CrimsonRAT Main Payload 1 IoCs

resource	yara_rule
sample	family_crimsonrat

Crimsonrat family
crimsonrat

Files

a86e18190270888e9b8703a05c08588ab7fa841fea08ee667accc331c92e642f
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ