crimsonrat | 503d4b9bd0a158dbfd9179ac51341404f32f9fc1765d375f4c92eb7d0ed8ba18

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 07:20

Target

SecuriteInfo.com.BackDoor.CrimsonNET.14.26407.16542.exe
Size

16.9MB
MD5

b4008dc1b878578905f1a01d2938c8ea
SHA1

2f7fd3f24c7ff9aaab6a22a15cb5951adc80958b
SHA256

503d4b9bd0a158dbfd9179ac51341404f32f9fc1765d375f4c92eb7d0ed8ba18
SHA512

c91b11b702baaf4e45e4dc6271070e1f68259bc0f33e189f78fe5bd4ab0cae45ba44aa92393abadbb4cee23bfa60abee23aaf5d9edd574aa5d7a0bc9db1c322d
SSDEEP

768:RaijTpc2IV5M2/Ph8nLZ7FtOMakbW8FqZRQT8O:YijTpcp5M2RqLZ72YxY7F

Score

10^/10

crimsonrat rat

Family

crimsonrat

167.160.166.1

CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
rat crimsonrat

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.CrimsonNET.14.26407.16542.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.CrimsonNET.14.26407.16542.exe"
1⤵
PID:2532

memory/2532-2-0x000000001C5C0000-0x000000001C640000-memory.dmp

Filesize
512KB

Download
memory/2532-1-0x0000000000A50000-0x0000000001B40000-memory.dmp

Filesize
16.9MB

Download
memory/2532-0-0x000007FEF5990000-0x000007FEF637C000-memory.dmp

Filesize
9.9MB

Download
memory/2532-3-0x000007FEF5990000-0x000007FEF637C000-memory.dmp

Filesize
9.9MB

Download
memory/2532-4-0x000000001C5C0000-0x000000001C640000-memory.dmp

Filesize
512KB

Download