crimsonrat | 0d61d5fe8dbf69c6e61771451212fc8e587d93246bd866adf1031147d6d4f8c2 | Triage

Submit
Reports

Overview

overview

Static

static

1

0d61d5fe8d...2.ppam

windows7-x64

0d61d5fe8d...2.ppam

windows10-2004-x64

Sharing

General

Target

0d61d5fe8dbf69c6e61771451212fc8e587d93246bd866adf1031147d6d4f8c2
Size

396KB
Sample

240410-lh5a6sag29
MD5

70635541c80cd5a237ff789abcce4e27
SHA1

69639bccfdfc319d64ab89d5ee03d29f6f6133a7
SHA256

0d61d5fe8dbf69c6e61771451212fc8e587d93246bd866adf1031147d6d4f8c2
SHA512

8470f9581032dca01aacd5ca55974d56bc34d652fc1b2f25883002d5c28330b2ce04fe69031d72e3b3d4e2fd058c32263af538d64f3e23757ff350d70d6f7867
SSDEEP

6144:ilRaWUni3pcJi9U+K/mpL0IfyzvfJ1vC53oPWVkuKsxkx:OUWOUXq+emC3Trq9Elskx

Score

10^/10

crimsonrat rat

Static task

static1

Behavioral task

behavioral1

Sample

0d61d5fe8dbf69c6e61771451212fc8e587d93246bd866adf1031147d6d4f8c2.ppam

Resource

win7-20240221-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

0d61d5fe8dbf69c6e61771451212fc8e587d93246bd866adf1031147d6d4f8c2.ppam

Resource

win10v2004-20240226-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

crimsonrat

C2

192.3.99.68

Targets

- Target
  
  0d61d5fe8dbf69c6e61771451212fc8e587d93246bd866adf1031147d6d4f8c2
- Size
  
  396KB
- MD5
  
  70635541c80cd5a237ff789abcce4e27
- SHA1
  
  69639bccfdfc319d64ab89d5ee03d29f6f6133a7
- SHA256
  
  0d61d5fe8dbf69c6e61771451212fc8e587d93246bd866adf1031147d6d4f8c2
- SHA512
  
  8470f9581032dca01aacd5ca55974d56bc34d652fc1b2f25883002d5c28330b2ce04fe69031d72e3b3d4e2fd058c32263af538d64f3e23757ff350d70d6f7867
- SSDEEP
  
  6144:ilRaWUni3pcJi9U+K/mpL0IfyzvfJ1vC53oPWVkuKsxkx:OUWOUXq+emC3Trq9Elskx
Score

10^/10

crimsonrat rat
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy