crimsonrat | oleObject1[.]zip

General

Target

oleObject1.zip
Size

4.6MB
MD5

e31ac765d1e97698bc1efe443325e497
SHA1

930e2525c58d7509826be955f6d24b24370f7b25
SHA256

ce556d55e07bf6b57e3e086e57e9c52552ac7f00adf4a7c9f99bbc21a5ac26c2
SHA512

d11088e02895452a1af0df8e47449aa3150fa8c3c671bf2cd75a45c3e17ad816686dd765b7734d3310d55756ee50db3d5312e89259a10987d4bfe8354b4c98d1
SSDEEP

98304:NYbWb6xADjz3FBUiDVIyXLlgjkKhixejHb5LD6pdwk4rWso10+NJwUVIm/JCdK+l:ibuQAHjAiqy2kymu5LadwFrLo10+NJwl

Score

10^/10

crimsonrat

Malware Config

Extracted

Family

crimsonrat

C2

162.245.191.217

Signatures

Crimsonrat family
crimsonrat

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/oleObject1.bin
unpack001/oleObject2.bin

Files

oleObject1.zip
.zip
oleObject1.bin
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11.5MB - Virtual size: 11.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
oleObject2.bin
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11.5MB - Virtual size: 11.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 11.5MB - Virtual size: 11.5MB

.rsrc Size: 337KB - Virtual size: 337KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 11.5MB - Virtual size: 11.5MB

.rsrc Size: 337KB - Virtual size: 337KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 11.5MB - Virtual size: 11.5MB

.rsrc
Size: 337KB - Virtual size: 337KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 11.5MB - Virtual size: 11.5MB

.rsrc
Size: 337KB - Virtual size: 337KB

.reloc
Size: 512B - Virtual size: 12B