Overview

overview

10

Static

static

8

386ed7ba50...ef.xls

windows7-x64

10

386ed7ba50...ef.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef

  • Size

    401KB

  • Sample

    240410-mefdbafc6y

  • MD5

    02ba9703d1f250b411ea4c868d17fd2e

  • SHA1

    27d7eab43b66abd73cdc8da304dbb2daa9842df0

  • SHA256

    386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef

  • SHA512

    c2803749c6dd777f02312ee635c12930082343eab4153c3691cf8bcfe8ec0925d134e094bffee2ceb918a58d59176f07b43fb7b0ba8573325a63eefca487f24c

  • SSDEEP

    6144:QxEtjPOtioVjDGUU1qfDlavx+W2QnADP:e

Score
10/10
crimsonratmacromacro_on_actionrat

Malware Config

Extracted

Family

crimsonrat

C2

95.168.176.141

111.115.60.18

Targets

    • Target

      386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef

    • Size

      401KB

    • MD5

      02ba9703d1f250b411ea4c868d17fd2e

    • SHA1

      27d7eab43b66abd73cdc8da304dbb2daa9842df0

    • SHA256

      386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef

    • SHA512

      c2803749c6dd777f02312ee635c12930082343eab4153c3691cf8bcfe8ec0925d134e094bffee2ceb918a58d59176f07b43fb7b0ba8573325a63eefca487f24c

    • SSDEEP

      6144:QxEtjPOtioVjDGUU1qfDlavx+W2QnADP:e

    Score
    10/10
    crimsonratrat

    • CrimsonRAT main payload

    • CrimsonRat

      Crimson RAT is a malware linked to a Pakistani-linked threat actor.

      ratcrimsonrat

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks