General

  • Target

    93f33e4e9a732de665510aa5fdc565fc00bcf5e28101c5cc55b5b16f94288b8a

  • Size

    180KB

  • Sample

    240410-px2qdabb7t

  • MD5

    adb4e3f7a2fe9170d7421413e6faf6a3

  • SHA1

    ca1a4cbcf6940ab5f6384739df1ef7f4ef4d1e7d

  • SHA256

    93f33e4e9a732de665510aa5fdc565fc00bcf5e28101c5cc55b5b16f94288b8a

  • SHA512

    a415ad6f87e286b96a8e3ecff63f439c5b37afee1b9fadc196a7a10cc11507ca33d042330267e83e64d64291f6c149fb9ad92608d451e1cb99b773a0ff0b8c9a

  • SSDEEP

    3072:zY3waTy1N00JCNLWt1NoKNLMeOSKt58yWtpfog1/3+RVuFZxTUhrm9A+g9gfisAM:UgCy1RuLy1NdOSvp51P+OTwrWA/uA4M2

Score
10/10

Malware Config

Extracted

Family

crimsonrat

C2

185.136.161.124

Targets

    • Target

      Guidelines.xlam

    • Size

      127KB

    • MD5

      e0f6bcdb71df502f7aefe22db8207a69

    • SHA1

      9f7357219cbfb5b940d5809f8564a6bb821fa036

    • SHA256

      0335de8eadbbd5dc7cbe92ef869bcea6f6596ac39a38680142c982ec6e97ecde

    • SHA512

      ea9fc5fe2bcd8a225c7f7f7b8ea832e3d143278a07c6264edaf9476fb5e7852efdd9b3dbcde6e211ccb1e6d011b11845def65af58e9298a01b3067a05200d7cc

    • SSDEEP

      3072:NDKcDiVBG5Q0fULY/fPiY4XXnfWFsnNfWSWe:NDDD0BGCY/fkXvTNf5

    Score

    10/10

    • CrimsonRAT main payload

    • CrimsonRat

      Crimson RAT is malware attributed to a Pakistan-linked threat actor.

    • Executes dropped EXE

    • Loads dropped DLL

    • Process spawned suspicious child process

      This child process is normally spawned only when, for example, the parent process crashes; seeing it usually indicates an unsuccessful attempt to compromise the parent process.

MITRE ATT&CK Enterprise v15

Tasks