Resubmissions

20-05-2024 00:37

240520-ayqxyabc43 7

20-05-2024 00:28

240520-ashpdaah67 8

General

  • Target

    CrimsonSetup.exe

  • Size

    4.3MB

  • Sample

    240520-ashpdaah67

  • MD5

    13066f61cf7ea3aff9446ea5c192ab8a

  • SHA1

    4b44eb065d73b720d3534506b534a792b3b0cecb

  • SHA256

    09a986671e38d242325d5917683cfb73e413f1baaf68ef0bdd9c40d33ed92b2f

  • SHA512

    c56c3db8845545062da20c07b847065f6eda3549f30e29a9c92010c56440dbdb152bb159587617a297cfc7ec9297ad82027dd030a532d49ea8b5c72f3cc779fb

  • SSDEEP

    98304:pAI+4y2LXAJAvp2YRWkIxMag3me34GXrI80HcGFP9c04MN:it4KJkxug/3FXs0GB6N+

Score
8/10

Malware Config

Targets

    • Target

      CrimsonSetup.exe

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks