crimsonrat | 502c7793e4f6e5186e4ce075704b901ba053a1f99446feec4f7d16ce450880f3 | Triage

Sharing

General

Target

502c7793e4f6e5186e4ce075704b901ba053a1f99446feec4f7d16ce450880f3
Size

9.7MB
MD5

d5dd6a344fbe7d6f83c1765a874be19a
SHA1

621d0a4fd8a40849ef9a36f6403094a452ad38bb
SHA256

502c7793e4f6e5186e4ce075704b901ba053a1f99446feec4f7d16ce450880f3
SHA512

22ac43718c940ff13048f23c122a68a74a6e0d2d6c7c838dcddf95fa88f20cd30d4de5a3d09a6e8584ca4021ab31a6950de05190fd613e2a7033e220eb967893
SSDEEP

1536:Bhhd46I1o/XHC0UaQ7tz7ac9eZcJYJ3cJ1/xMHAnkTzB:v4YAaQ7d2aeZcJYJ3cJ1/mHAOzB

Score

10^/10

crimsonrat

Malware Config

Signatures

CrimsonRAT Main Payload 1 IoCs

resource	yara_rule
sample	family_crimsonrat

Crimsonrat family
crimsonrat

Files

502c7793e4f6e5186e4ce075704b901ba053a1f99446feec4f7d16ce450880f3
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ