General

  • Target

    4075ae09b2cad5580286fb104acdbc0bfff1168e1f49057049807af7ec11957e

  • Size

    59KB

  • Sample

    220420-ew3wyaahg4

  • MD5

    04f60dd495708663a410f38db90a5592

  • SHA1

    b2a517f140c0064dd7384c0aeee0c0471bcad126

  • SHA256

    4075ae09b2cad5580286fb104acdbc0bfff1168e1f49057049807af7ec11957e

  • SHA512

    5058fed79826dc45acd7f77cfd3c080dbd708ddcda565c41d8c9e38bcd5aca9551b426abfe6033301833dd7f98783ff0d8da14b514e820de780295758376ecdc

Score
10/10

Targets

    • Target

      4075ae09b2cad5580286fb104acdbc0bfff1168e1f49057049807af7ec11957e

    • CrimsonRAT Main Payload

    • CrimsonRat

      Crimson RAT is malware associated with a Pakistani-linked threat actor.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
