crimsonrat | 4bf92841621b08ec1796fa380fd71bd9f6fec65b923aec1dbd5b074f062eaf21 | Triage

Submit
Reports

Overview

overview

Static

static

3

Koid.exe

windows11-21h2-x64

Sharing

General

Target

Koid.exe
Size

1.5MB
Sample

240229-wvnt3agf2y
MD5

15ec276e3c1d3d757eed8698c59c1095
SHA1

28be0d3db48ef6423c2c4e222f5f949b8ed6e845
SHA256

4bf92841621b08ec1796fa380fd71bd9f6fec65b923aec1dbd5b074f062eaf21
SHA512

467196ee35523d4a24bd3746a9785040e092e4aba096c4e342ce1dfe2a9c3b1ca61f207b4581ac97a3861f12f714581854339727681aba1ba93d8e36ef9eb671
SSDEEP

24576:u06LkHhLdZYQVoNVePYOEOKTyBHJsXoAFWlT4Adw/u1/XFlwTUOcA5qmr37Pn6:unkHhLdpPYO1M+Brgdhwmzrn6

Score

10^/10

crimsonrat aspackv2 persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Koid.exe

Resource

win11-20240221-en

crimsonrat aspackv2 persistence rat

windows11-21h2-x64

18 signatures

1800 seconds

Malware Config

Extracted

Family

crimsonrat

C2

185.136.161.124

Targets

- Target
  
  Koid.exe
- Size
  
  1.5MB
- MD5
  
  15ec276e3c1d3d757eed8698c59c1095
- SHA1
  
  28be0d3db48ef6423c2c4e222f5f949b8ed6e845
- SHA256
  
  4bf92841621b08ec1796fa380fd71bd9f6fec65b923aec1dbd5b074f062eaf21
- SHA512
  
  467196ee35523d4a24bd3746a9785040e092e4aba096c4e342ce1dfe2a9c3b1ca61f207b4581ac97a3861f12f714581854339727681aba1ba93d8e36ef9eb671
- SSDEEP
  
  24576:u06LkHhLdZYQVoNVePYOEOKTyBHJsXoAFWlT4Adw/u1/XFlwTUOcA5qmr37Pn6:unkHhLdpPYO1M+Brgdhwmzrn6
Score

10^/10

crimsonrat aspackv2 persistence rat
- CrimsonRAT main payload
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
- Downloads MZ/PE file
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

crimsonrataspackv2persistencerat

© 2018-2024

Terms | Privacy