Extracted

• • Target

    Zero.exe

  • Size

    17.9MB

  • MD5

    2998f4003a3e6f71c2bed6f03c41010a

  • SHA1

    b84576dc70782fd5611bb2b7823322d5b54dae59

  • SHA256

    765a8be97a33e9c9dd98f186fe9088b7baafa2900dc706d15d23544b5189ff80

  • SHA512

    82adf8b7e92ed13c7844cf04714c15e8e320966504b4d26479f6cee7171c7cf1932fc0830764ba6b0279e64974fbd05bde629288add7f7108a720342d8c773b6

  • SSDEEP

    196608:ORcji51nFGAsxIBTKGu+4xIA/HEaFBheW4+SbI2oenTFLdT:OG251FGAsxevuxx3/KT+SbIZE

  Score

  10^/10

  crimsonratevasionpersistenceransomwarerattrojan

  • CrimsonRAT main payload

  • CrimsonRat

    Crimson RAT is a malware linked to a Pakistani-linked threat actor.

    ratcrimsonrat

  • Modifies WinLogon for persistence

    persistence

  • UAC bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1