crimsonrat | 316b8da8f8158d496866db995fdb80e1644e40a0ee4875b5b4d65f17f17befa3 | Triage

Sharing

General

Target

316b8da8f8158d496866db995fdb80e1644e40a0ee4875b5b4d65f17f17befa3
Size

9.3MB
MD5

6a41bf5c17b85dd79c8948a1efda9523
SHA1

bd8623f19068e48ff42cd5f01e11ed2790efc308
SHA256

316b8da8f8158d496866db995fdb80e1644e40a0ee4875b5b4d65f17f17befa3
SHA512

45fa16907425228c95fd3e4e2db95728277b605cf51924d640771ba6bea084806dfa0be9aebeae731c0ff34daf731711fa963a87a617cac4b4766f2d0eddf95a
SSDEEP

6144:G973fy999y999d999d999d999d999x999w999y999d999d999d999d999x999w9q:G97

Score

10^/10

crimsonrat

Malware Config

Signatures

CrimsonRAT Main Payload 1 IoCs

resource	yara_rule
sample	family_crimsonrat

Crimsonrat family
crimsonrat

Files

316b8da8f8158d496866db995fdb80e1644e40a0ee4875b5b4d65f17f17befa3
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ