crimsonrat | 386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef | Triage

Submit
Reports

Overview

overview

Static

static

8

386ed7ba50...ef.xls

windows7-x64

386ed7ba50...ef.xls

windows10-2004-x64

Sharing

General

Target

386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef
Size

401KB
Sample

240410-mefdbafc6y
MD5

02ba9703d1f250b411ea4c868d17fd2e
SHA1

27d7eab43b66abd73cdc8da304dbb2daa9842df0
SHA256

386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef
SHA512

c2803749c6dd777f02312ee635c12930082343eab4153c3691cf8bcfe8ec0925d134e094bffee2ceb918a58d59176f07b43fb7b0ba8573325a63eefca487f24c
SSDEEP

6144:QxEtjPOtioVjDGUU1qfDlavx+W2QnADP:e

Score

10^/10

crimsonrat macro macro_on_action rat

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef.xls

Resource

win7-20240221-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef.xls

Resource

win10v2004-20240226-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

crimsonrat

C2

95.168.176.141

111.115.60.18

Targets

- Target
  
  386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef
- Size
  
  401KB
- MD5
  
  02ba9703d1f250b411ea4c868d17fd2e
- SHA1
  
  27d7eab43b66abd73cdc8da304dbb2daa9842df0
- SHA256
  
  386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef
- SHA512
  
  c2803749c6dd777f02312ee635c12930082343eab4153c3691cf8bcfe8ec0925d134e094bffee2ceb918a58d59176f07b43fb7b0ba8573325a63eefca487f24c
- SSDEEP
  
  6144:QxEtjPOtioVjDGUU1qfDlavx+W2QnADP:e
Score

10^/10

crimsonrat rat
- CrimsonRAT main payload
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2024

Terms | Privacy