crimsonrat | dbb9168502e819619e94d9dc211d5f4967d8083ac5f4f67742b926abb04e6676 | Triage

Submit
Reports

Overview

overview

Static

static

8

dbb9168502...76.doc

windows7-x64

dbb9168502...76.doc

windows10-2004-x64

Sharing

General

Target

dbb9168502e819619e94d9dc211d5f4967d8083ac5f4f67742b926abb04e6676
Size

790KB
Sample

240410-rtcyysec2w
MD5

c7a3276763a5c1b13f93028aab5a6e73
SHA1

c2844b69a36b3be37f8db97b0afc051f6bf36671
SHA256

dbb9168502e819619e94d9dc211d5f4967d8083ac5f4f67742b926abb04e6676
SHA512

2ef8d3eb3f1368591666d9f85dddb210c05fe16569f3553086f42d7b82133669c5a9e7fe1263407bb54bb9f75216ef9fcb78348427e334ef74afd6e3f429c01a
SSDEEP

3072:PkWc08tG41FHiopEomJ9/GuloC5pUAn0YoKpbqZSvYYzU6lXHaym97m/EE3fzLvd:PkA

Score

10^/10

crimsonrat macro macro_on_action rat

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

dbb9168502e819619e94d9dc211d5f4967d8083ac5f4f67742b926abb04e6676.doc

Resource

win7-20240221-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

dbb9168502e819619e94d9dc211d5f4967d8083ac5f4f67742b926abb04e6676.doc

Resource

win10v2004-20240226-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

crimsonrat

C2

151.106.14.125

211.210.122.154

Targets

- Target
  
  dbb9168502e819619e94d9dc211d5f4967d8083ac5f4f67742b926abb04e6676
- Size
  
  790KB
- MD5
  
  c7a3276763a5c1b13f93028aab5a6e73
- SHA1
  
  c2844b69a36b3be37f8db97b0afc051f6bf36671
- SHA256
  
  dbb9168502e819619e94d9dc211d5f4967d8083ac5f4f67742b926abb04e6676
- SHA512
  
  2ef8d3eb3f1368591666d9f85dddb210c05fe16569f3553086f42d7b82133669c5a9e7fe1263407bb54bb9f75216ef9fcb78348427e334ef74afd6e3f429c01a
- SSDEEP
  
  3072:PkWc08tG41FHiopEomJ9/GuloC5pUAn0YoKpbqZSvYYzU6lXHaym97m/EE3fzLvd:PkA
Score

10^/10

crimsonrat rat
- CrimsonRAT main payload
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2024

Terms | Privacy