General

  • Target

    e05cfdcd11105776fb13edd620795551.bin

  • Size

    3.6MB

  • MD5

    d8029452fd5c4f3d37810cf48344f50a

  • SHA1

    cfc2911ddeb3ac6051f194a5086f94b4ed1b2a1b

  • SHA256

    a3e76ecc8bb072355f3007af38d7645b880c9c9572cf7873bacefa6376d6495c

  • SHA512

    a65e8fda4e4b160fcd53c1690f966bccc7ee36ec2e68bc32a3ad607e3a778550da94b38a4fa353c841e6e37a632738ad2ca221a4e489fa1cb49169ac3cdf2b87

  • SSDEEP

    49152:+MFBGH5UUt9KPUKgPbjcwbAvH8iJ67euEPxKddjh9dYYSRyflvpOksHAv1e2e/HN:+M/SKifPb4wbAzJ3wF001y/1HP

Malware Config

Extracted

Family

crimsonrat

C2

204.44.124.81

Signatures

  • Crimsonrat family
  • Office macro that triggers on suspicious action (1 IoC)

    Office document macro which triggers in special circumstances - often malicious.

  • Suspicious Office macro (1 IoC)

    Office document equipped with macros.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • e05cfdcd11105776fb13edd620795551.bin
    .zip

    Password: infected

  • da298e4d09a9e151c6bf60e8ebfdd8fc2e633d078c705db768e3284acdad0678.zip
    .ppam .zip office2007

    Password: infected

  • [Content_Types].xml
    .xml
  • _rels\.rels
    .xml
  • ppt\_rels\presentation.xml.rels
    .xml
  • ppt\embeddings\oleObject1.bin
    .zip

    Password: infected

  • oleObject1.zip
    .zip

    Password: infected

  • oleObject1.bin
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744

  • ppt\embeddings\oleObject3.bin
    .pptx office2007
  • ppt\vbaProject.bin
    .doc windows office2003

    Module1