crimsonrat | ca74472613129855bd7fc79c4a245a2f27de85086cfd191506f1c9906b9ae460[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ca74472613129855bd7fc79c4a245a2f27de85086cfd191506f1c9906b9ae460.exe
Size

9.7MB
MD5

543e6753b0fcdb5099ff718337f460ca
SHA1

561c10c491fc7823b99bf5102d878a3f15e6a90c
SHA256

ca74472613129855bd7fc79c4a245a2f27de85086cfd191506f1c9906b9ae460
SHA512

753960c8d85199b1d30484c27af601b327bb2624fe8a1b2a11ff737d021ea5dd673edb1782713319e2e9d9e1060a0529d6d66f9c5371bd063351fbefc09d4950
SSDEEP

1536:E1wa7otTYoJ2wS13Bx7fIz6v3Wp9uxzub:E1sZYWS13BZfPfc6c

Score

10^/10

crimsonrat

Malware Config

Signatures

CrimsonRAT main payload 1 IoCs

Processes:

resource yara_rule

sample family_crimsonrat
Crimsonrat family
crimsonrat

resource	yara_rule
sample	family_crimsonrat

Files

ca74472613129855bd7fc79c4a245a2f27de85086cfd191506f1c9906b9ae460.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:32

Not After

01-09-2022 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:2f:cb:1e:c2:ea:6b:15:5e:f8:20:db:34:e8:90:7d:9d:00:e5:41:dc:24:5b:2d:71:af:a8:98:da:aa:18:ff
Signer

Actual PE Digest

ee:2f:cb:1e:c2:ea:6b:15:5e:f8:20:db:34:e8:90:7d:9d:00:e5:41:dc:24:5b:2d:71:af:a8:98:da:aa:18:ff

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

06-10-2022 12:19
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

ee:2f:cb:1e:c2:ea:6b:15:5e:f8:20:db:34:e8:90:7d:9d:00:e5:41:dc:24:5b:2d:71:af:a8:98:da:aa:18:ffSigner

Signature Validations

Verification

06-10-2022 12:19 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 9.6MB - Virtual size: 9.6MB

.rsrc Size: 37KB - Virtual size: 36KB

.reloc Size: 512B - Virtual size: 12B

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

ee:2f:cb:1e:c2:ea:6b:15:5e:f8:20:db:34:e8:90:7d:9d:00:e5:41:dc:24:5b:2d:71:af:a8:98:da:aa:18:ff
Signer

06-10-2022 12:19
Valid: false

.text
Size: 9.6MB - Virtual size: 9.6MB

.rsrc
Size: 37KB - Virtual size: 36KB

.reloc
Size: 512B - Virtual size: 12B