crimsonrat | 240202-r9txeagfe6_pw_infected[.]zip

General

Target

240202-r9txeagfe6_pw_infected.zip
Size

2.4MB
MD5

e638808926fca58b1d98e16f8c735ff4
SHA1

d4afd529e4e62547c9bf0a65a882b585d569c1ca
SHA256

47817a270025ca718a26ff6c2f6fcb445319e67ca07d401779210cc84051c03e
SHA512

afa81653af53a2a5f4657c4cf7bc658872abbfee9903d89db5e7baac00762ee30dc76d405f552031740913e21368913107170910211c7dbebe6bdc2d31817856
SSDEEP

49152:rDgDxzEAIRAFiPM4UYpLrhPkyAzxOOnG6hcb0UWCczu3KpGgI8JKJ+yQPI1EXBvi:rVgoM4Nr+yAJnDa0UWvu6pGgI8JA+yWE

Score

10^/10

crimsonrat

Family

crimsonrat

C2

164.68.122.64

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/e87978f0af9bb550ab4686a7d3657e6cbfd92347744dfce8ff2321781ac2eee0.exe

240202-r9txeagfe6_pw_infected.zip
.zip

Password: infected
e87978f0af9bb550ab4686a7d3657e6cbfd92347744dfce8ff2321781ac2eee0.zip
.zip

Password: infected
e87978f0af9bb550ab4686a7d3657e6cbfd92347744dfce8ff2321781ac2eee0.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\itmvroidovs\itmvroidovs\obj\Debug\itmvroidovs.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 18.6MB - Virtual size: 18.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ