crimsonrat | e38c39e302de158d22e8d0ba9cd6cc9368817bc611418a5777d00b90a9341404 | Triage

Sharing

General

Target

e38c39e302de158d22e8d0ba9cd6cc9368817bc611418a5777d00b90a9341404.docm
Size

4.6MB
Sample

240814-khxewsxekn
MD5

22ce9042f6f78202c6c346cef1b6e532
SHA1

b67712125dce3f8b5d197fcc46aaf627da2fb7eb
SHA256

e38c39e302de158d22e8d0ba9cd6cc9368817bc611418a5777d00b90a9341404
SHA512

0337aefbfd63ff8081d75d552ec28cfbb4d5b710d32051dc7929796d7a24a4b19e9b17a255f7c7b1706d3c91286f19edc473b97f3fef695f2b0c0de060afb865
SSDEEP

98304:JWnSXYZsDL1nxNUQfbqKh1nshu8JOH0sLbl9t0/ZwiwrYSMlGortsUDIS7JuLYsa:0niUs39sQeK8uY+Jl9MZwdrDMlGorts2

Score

10^/10

crimsonrat rat

Malware Config

Extracted

Family

crimsonrat

C2

162.245.191.217

Targets

- Target
  
  e38c39e302de158d22e8d0ba9cd6cc9368817bc611418a5777d00b90a9341404.docm
- Size
  
  4.6MB
- MD5
  
  22ce9042f6f78202c6c346cef1b6e532
- SHA1
  
  b67712125dce3f8b5d197fcc46aaf627da2fb7eb
- SHA256
  
  e38c39e302de158d22e8d0ba9cd6cc9368817bc611418a5777d00b90a9341404
- SHA512
  
  0337aefbfd63ff8081d75d552ec28cfbb4d5b710d32051dc7929796d7a24a4b19e9b17a255f7c7b1706d3c91286f19edc473b97f3fef695f2b0c0de060afb865
- SSDEEP
  
  98304:JWnSXYZsDL1nxNUQfbqKh1nshu8JOH0sLbl9t0/ZwiwrYSMlGortsUDIS7JuLYsa:0niUs39sQeK8uY+Jl9MZwdrDMlGorts2
Score

10^/10

crimsonrat rat
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1