General

Target: The Deads Revenge.zip
Size: 103.4MB
Sample: 240708-zskams1cjh
MD5: 07ca675aa8522462f9fc910b8928ed4c
SHA1: 32ba71e5613f12020030d443796420ac62882a97
SHA256: a56f0dad9e24a4d7753de5ea9b5db4bc8e2ecc8b78381f87f31ed13109414e03
SHA512: 13a5ffddae459f20de69e93f2a8fa5fcafe9a1cd4e06aa05c1b5456677a71a47eeacd341fbd5056c126056cc2447e39e29618469bebab7885c36bf5b0faac54c
SSDEEP: 3145728:6rK45Vxi6potyOWE11Nnvx2W7ej6GDeAzjBOPCTn:6rZniz8OrDvx17S6YeAzjBOPCj
Behavioral task: behavioral1
Sample: The Deads Revenge.exe
Resource: win10v2004-20240704-en

Malware Config

Extracted family: crimsonrat
C2 address: 185.136.161.124
Targets

Target: The Deads Revenge.exe
Size: 104.1MB
MD5: 53cef85542a906baaaecd4ba69b36a88
SHA1: ac3794aedb39edde36deb359b2f3dfd3519c55db
SHA256: 62cb74ffaa717c197cff301a177b079ab863720cb5c86d7d0bc5edb480026930
SHA512: b119b67cf9ef76f24d58ca64016df448e611fa78ff60f90977acc4b7798e119c2bb2304037560bb2fef7369de3e0e2e68b8fc8a138fe3afcd841ccaf428c97af
SSDEEP: 3145728:A6gYRPSC++6y9Jk7pLX5M3gbcKC9/nX3SEv2x6:xxaC4y9eVLE2C9/HSEv2
Score: 10/10

Signatures

- CrimsonRAT main payload
- Disables Task Manager via registry modification
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
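The report above gives file hashes for the archive and the executable it contains, plus the address extracted from the CrimsonRAT configuration. The following triage helper is example code added to this page; it is not part of the sandbox report or of any sandbox tool. It embeds those hashes and the address as an IOC set, hashes a file or byte string to check it against them, and scans log lines for the C2 address while ignoring longer numeric tokens that merely contain it. The log lines are constructed for the example, and the function names, the chunk size and the signatures are my own choices.

```python
"""Triage helper built from the IOCs in the sandbox report above.

Example code added to this page; not part of the report or of any sandbox tool.
"""
import hashlib
import re

# Hashes transcribed from the report: the archive ("The Deads Revenge.zip") and the
# executable it contains ("The Deads Revenge.exe").
REPORT_IOCS = {
    "md5": {
        "07ca675aa8522462f9fc910b8928ed4c",
        "53cef85542a906baaaecd4ba69b36a88",
    },
    "sha1": {
        "32ba71e5613f12020030d443796420ac62882a97",
        "ac3794aedb39edde36deb359b2f3dfd3519c55db",
    },
    "sha256": {
        "a56f0dad9e24a4d7753de5ea9b5db4bc8e2ecc8b78381f87f31ed13109414e03",
        "62cb74ffaa717c197cff301a177b079ab863720cb5c86d7d0bc5edb480026930",
    },
}

# Address from the extracted CrimsonRAT configuration in the report.
C2_ADDRESSES = {"185.136.161.124"}

ALGOS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of an in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in chunks so a 100 MB sample is not read into memory at once."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_hashes(digests: dict, iocs: dict = REPORT_IOCS) -> list:
    """Return the algorithms whose digest appears in the IOC set (empty list = no match)."""
    return sorted(algo for algo, value in digests.items() if value in iocs.get(algo, set()))


# Matches a dotted quad only when it is not embedded in a longer dotted/numeric token,
# so "185.136.161.1240" is not reported as a hit for 185.136.161.124.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def find_c2_hits(log_lines, c2_addresses=C2_ADDRESSES) -> list:
    """Return (line_number, address, line) for every log line that references a C2 address."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        for ip in IPV4.findall(line):
            if ip in c2_addresses:
                hits.append((number, ip, line.strip()))
    return hits


# Constructed proxy-style log lines for demonstration. The internal and web-server
# addresses are placeholders; only 185.136.161.124 comes from the report.
SAMPLE_LOG = [
    "2024-07-08T10:14:01Z CONNECT 10.0.5.23 -> 185.136.161.124:443 allowed",
    "2024-07-08T10:14:02Z GET 10.0.5.23 -> 93.184.216.34:80 /index.html",
    "2024-07-08T10:14:03Z CONNECT 10.0.5.23 -> 185.136.161.1240 malformed",
    "2024-07-08T10:14:09Z POST 10.0.5.23 -> http://185.136.161.124/x allowed",
]

if __name__ == "__main__":
    for number, ip, line in find_c2_hits(SAMPLE_LOG):
        print(f"line {number}: C2 {ip}: {line}")
    print("hash match:", match_hashes(hash_bytes(b"not the sample")))
```

Run it against a real file with `match_hashes(hash_file(path))`; an empty list means none of the three digests matched. The report's SSDEEP values are left out of this example because fuzzy matching needs the ssdeep library rather than the standard library alone.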