General

  • Target

    c2a635767c84df8471d4f614b9c35b2ba75070b0c9f8c3721fc0aaace79dcc73

  • Size

    59KB

  • Sample

    220420-ew2nwafddk

  • MD5

    9882ba138b96b395eea3c3b542633f60

  • SHA1

    185ba36c072edb8ed7494e889e88047808ff2f4f

  • SHA256

    c2a635767c84df8471d4f614b9c35b2ba75070b0c9f8c3721fc0aaace79dcc73

  • SHA512

    c742360bc636925148f29f00ee7407d485b97c1bcffa40b8f92a885cfe7743ea65195d2842844574828c7720c1381b144755e59ded9eff4a97aa7aa127c0e7f4

Score
10/10

Targets

    • Target

      c2a635767c84df8471d4f614b9c35b2ba75070b0c9f8c3721fc0aaace79dcc73

    • CrimsonRAT Main Payload

    • CrimsonRat

      Crimson RAT is malware linked to a Pakistan-linked threat actor.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
