crimsonrat | rvi[.]rar | Triage

Resubmissions

05-09-2022 17:27

220905-v1mcrafch3 10

Sharing

General

Target

rvi.rar
Size

166KB
MD5

d3055a275cf792cfc748f2f876fa4e4d
SHA1

ea09a4703f177099b4a968db52b1284d510748b0
SHA256

ec4a7e9707833ce7f866c34334496e92e3f8140995781af1bc43d706b861622b
SHA512

9f89b53401c394152477e3fe840d48491aed3c35b07ee6ea48536d6f3dca76e04c3fabbc04abde41571f8d0914d6536f9d951e0cf7cfdb6c176b61a4da90a866
SSDEEP

3072:2gMkMJCjG1zWmlJF9DoPNmB7UYpYbcTKsqE1UEXKEttnZb2E0o:jMAGwmjDoPNmBqbcTwmnXTtF1fH

Score

10^/10

crimsonrat

Malware Config

Signatures

CrimsonRAT main payload 2 IoCs

Processes:

resource	yara_rule
static1/unpack001/rvihbwsaua.exe	family_crimsonrat
static1/unpack001/rvihbwsaua10.scr	family_crimsonrat

Crimsonrat family
crimsonrat

Files

rvi.rar
.rar

Password: infected
rvihbwsaua.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rvihbwsaua10.scr
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ