crimsonrat | da298e4d09a9e151c6bf60e8ebfdd8fc2e633d078c705db768e3284acdad0678 | Triage

Sharing

General

Target

Revised Posting Policy Offrs by HQ Dec 2023 final.ppam
Size

3.6MB
Sample

231210-1nk7tadbfq
MD5

e05cfdcd11105776fb13edd620795551
SHA1

5b4584c6a419b08bb107e274d0ed2f24411ddbcc
SHA256

da298e4d09a9e151c6bf60e8ebfdd8fc2e633d078c705db768e3284acdad0678
SHA512

925df1bf84404597bddb82db83896206435aaaca39a62846abe3ce3b1dbddc9b198f7caf76eac7294384682f49c0057d12b0b5ac81383f6ee8f51138781e4519
SSDEEP

98304:/S/mMAQoSERBI9w//t2M7rv/GkBqAnimQNX:LM/tQI9wXt2MjGEqAnINX

Score

10^/10

crimsonrat rat

Malware Config

Extracted

Family

crimsonrat

C2

204.44.124.81

Targets

- Target
  
  Revised Posting Policy Offrs by HQ Dec 2023 final.ppam
- Size
  
  3.6MB
- MD5
  
  e05cfdcd11105776fb13edd620795551
- SHA1
  
  5b4584c6a419b08bb107e274d0ed2f24411ddbcc
- SHA256
  
  da298e4d09a9e151c6bf60e8ebfdd8fc2e633d078c705db768e3284acdad0678
- SHA512
  
  925df1bf84404597bddb82db83896206435aaaca39a62846abe3ce3b1dbddc9b198f7caf76eac7294384682f49c0057d12b0b5ac81383f6ee8f51138781e4519
- SSDEEP
  
  98304:/S/mMAQoSERBI9w//t2M7rv/GkBqAnimQNX:LM/tQI9wXt2MjGEqAnINX
Score

10^/10

crimsonrat rat
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2