crimsonrat | a3e76ecc8bb072355f3007af38d7645b880c9c9572cf7873bacefa6376d6495c | Triage

Sharing

General

Target

e05cfdcd11105776fb13edd620795551.bin
Size

3.6MB
Sample

231212-fhmhgafbhk
MD5

d8029452fd5c4f3d37810cf48344f50a
SHA1

cfc2911ddeb3ac6051f194a5086f94b4ed1b2a1b
SHA256

a3e76ecc8bb072355f3007af38d7645b880c9c9572cf7873bacefa6376d6495c
SHA512

a65e8fda4e4b160fcd53c1690f966bccc7ee36ec2e68bc32a3ad607e3a778550da94b38a4fa353c841e6e37a632738ad2ca221a4e489fa1cb49169ac3cdf2b87
SSDEEP

49152:+MFBGH5UUt9KPUKgPbjcwbAvH8iJ67euEPxKddjh9dYYSRyflvpOksHAv1e2e/HN:+M/SKifPb4wbAzJ3wF001y/1HP

Score

10^/10

crimsonrat macro macro_on_action rat

Malware Config

Extracted

Family

crimsonrat

C2

204.44.124.81

Targets

- Target
  
  da298e4d09a9e151c6bf60e8ebfdd8fc2e633d078c705db768e3284acdad0678.zip
- Size
  
  3.6MB
- MD5
  
  e05cfdcd11105776fb13edd620795551
- SHA1
  
  5b4584c6a419b08bb107e274d0ed2f24411ddbcc
- SHA256
  
  da298e4d09a9e151c6bf60e8ebfdd8fc2e633d078c705db768e3284acdad0678
- SHA512
  
  925df1bf84404597bddb82db83896206435aaaca39a62846abe3ce3b1dbddc9b198f7caf76eac7294384682f49c0057d12b0b5ac81383f6ee8f51138781e4519
- SSDEEP
  
  98304:/S/mMAQoSERBI9w//t2M7rv/GkBqAnimQNX:LM/tQI9wXt2MjGEqAnINX
Score

1^/10
behavioral1 behavioral2
- Target
  
  oleObject1.bin
- Size
  
  16.9MB
- MD5
  
  55b3cfd78d9e2624d769acdfc5522753
- SHA1
  
  38a7f5b0ca7f508497bbfb42d32184b001367308
- SHA256
  
  504c7549caa901ca24a04915fe221236b3f41c947c7857c9d4634f3dbe31592e
- SHA512
  
  c1268ce97ad5c3f242ab78aeefb93fdbb06c693a149927240041c88db93ddb427d277459273b035263ae344da42044b3f449af0235310c547a437b14c869d608
- SSDEEP
  
  768:eaQjTpc2IVZM23zLnh8nLZ7FLOMaabW8FqZRGT7O:ZQjTpcpZM23PhqLZ7YmxY7c
Score

10^/10

crimsonrat rat
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
behavioral3 behavioral4
- Target
  
  ppt\embeddings\oleObject3.bin
- Size
  
  3.6MB
- MD5
  
  e05414f0c31fcc790865211d4621cafc
- SHA1
  
  f3ff1a04240cfc13fb8923524e97801de9c8f476
- SHA256
  
  897d5630dc26aaad5f37fbcf01bbc73636fa64aa19e12f75790d0ad2ee41117a
- SHA512
  
  67be52ebb5054e4c32381f30050b249671a30223eb0134bf8dadb34016b6b36fd4941b6655102bc905ca4f4cb7e4fe79b98ee2acc3a2f0e98b8c1ff22411310a
- SSDEEP
  
  49152:zzM44yKxt9oC57hwoooQzPYdqW2n9gAdPCsZGo4f+7Aa66M5etPC1rvPZlRiGVdb:zAdyKxt9o4gDzPYmFpdO+7/o93iGDJN
Score

1^/10
behavioral5 behavioral6
- Target
  
  ppt\vbaProject.bin
- Size
  
  18KB
- MD5
  
  79d8eef6898ea0a2c7b1f48728ed5936
- SHA1
  
  d72a0cb2c7e44ccef4b4fc823f99daf7b1f575fe
- SHA256
  
  c8a2a44b8e35811f9e7f6ab4501c75743605b718a80b4ee97ba00b82cb9b7bd8
- SHA512
  
  5c9de8c293944b652aa8eac99bdddfb9a7d35c8f6f8cec1f06321f119d87e412d182eb740cca0ba213e44c5ed8e2dbd14aa1a1cd9757aa9090bebc2224c89c81
- SSDEEP
  
  192:WNG+sw7nftdZYMYilYx/1UTID55UGO2/2rRjuzsoHon9a:Wgrw7nFdCPLxtUT05yjIon
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_actioncrimsonrat

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8