crimsonrat | be8ad3c1c5d51fb5d29815a1b589f821ccb079649e4921c5925393c5a71b4540 | Triage

Sharing

General

Target

2866daf2b59d9c34c891838c6bc10fb9
Size

102KB
Sample

231231-e756fachfp
MD5

2866daf2b59d9c34c891838c6bc10fb9
SHA1

40ed0748dd9302a36ad6ea579f9ebffa2bacd7c4
SHA256

be8ad3c1c5d51fb5d29815a1b589f821ccb079649e4921c5925393c5a71b4540
SHA512

6a8325d07798d5475ef22d11a37a43105e006f0e88d1176e8e61cce5e8ab4c2f9a4f3c1c824839bf4f817d1f2fa22940ec0756f5da394ba63705f66f1f182616
SSDEEP

3072:iYcdZ28O5VIUUtxESoGxdHdyg2I/0nr1oEi:VEZcPIUkxESNYW

Score

10^/10

crimsonrat persistence rat

Malware Config

Extracted

Family

crimsonrat

C2

167.160.166.80

Targets

- Target
  
  2866daf2b59d9c34c891838c6bc10fb9
- Size
  
  102KB
- MD5
  
  2866daf2b59d9c34c891838c6bc10fb9
- SHA1
  
  40ed0748dd9302a36ad6ea579f9ebffa2bacd7c4
- SHA256
  
  be8ad3c1c5d51fb5d29815a1b589f821ccb079649e4921c5925393c5a71b4540
- SHA512
  
  6a8325d07798d5475ef22d11a37a43105e006f0e88d1176e8e61cce5e8ab4c2f9a4f3c1c824839bf4f817d1f2fa22940ec0756f5da394ba63705f66f1f182616
- SSDEEP
  
  3072:iYcdZ28O5VIUUtxESoGxdHdyg2I/0nr1oEi:VEZcPIUkxESNYW
Score

10^/10

crimsonrat persistence rat
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

crimsonratpersistencerat

behavioral2