crimsonrat | ihtaovminu10[.]rar | Triage

Sharing

General

Target

ihtaovminu10.rar
Size

117KB
MD5

8ef7d6e8edd56d6c4efc29d853b4e9d4
SHA1

190d1e97563d2b6e90c2e382a10d531ed0e0659e
SHA256

f674caa23eda1b3311c756cd7e87c49999bd16bca26fcd7c91cc38daad50b5b0
SHA512

b66da01e86afb60bcba2518e9fe6a135bcaee174f9965615865625e164086ddd297496736e6a593264d5aed5bdcc1c5d374fd0cc123c41f6f1bec294afb5817e
SSDEEP

3072:3ljmmYSZdtNg5DJw0p9e7sm3dsYZAzRSurH1mzME:Vjl5j7kDo9sYORSlME

Score

10^/10

crimsonrat

Malware Config

Signatures

CrimsonRAT main payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/ihtaovminu10.exe	family_crimsonrat

Crimsonrat family
crimsonrat

Files

ihtaovminu10.rar
.rar

Password: infected
ihtaovminu10.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8.6MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ