crimsonrat | ea277f3d1af0d063b093aa6b1d74de1460c68c43b2656760e0dd86c3f1d8e50d | Triage

Submit
Reports

Overview

overview

Static

static

1

download.png

windows10-2004-x64

Sharing

General

Target

download.png
Size

4KB
Sample

241001-xx3lnszckb
MD5

53be45ec1a8da5bf21e4af595221cd6e
SHA1

78fe5f060e9ac3a34d16d0fcc74ae155622362b6
SHA256

ea277f3d1af0d063b093aa6b1d74de1460c68c43b2656760e0dd86c3f1d8e50d
SHA512

fd784b321a158d7e742d04730f066283a45c28e8f37aa40c058236c0154a18dee019f6d608991d090bc68f37681141494f3f300ca07f5fb21bbb0cacf59fc328
SSDEEP

96:oKShRfnDx46uwJtb7VxWV7F49qqRQGtCTWxpyMFck6rDrsOL0C7136IqejOZtCtY:oKSHDKrwLVgqqqRQOwWxD6ksrsON7130

Score

10^/10

crimsonrat defense_evasion discovery macro macro_on_action rat

Static task

static1

Behavioral task

behavioral1

Sample

download.png

Resource

win10v2004-20240802-en

crimsonrat defense_evasion discovery macro macro_on_action rat

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

crimsonrat

C2

185.136.161.124

Targets

- Target
  
  download.png
- Size
  
  4KB
- MD5
  
  53be45ec1a8da5bf21e4af595221cd6e
- SHA1
  
  78fe5f060e9ac3a34d16d0fcc74ae155622362b6
- SHA256
  
  ea277f3d1af0d063b093aa6b1d74de1460c68c43b2656760e0dd86c3f1d8e50d
- SHA512
  
  fd784b321a158d7e742d04730f066283a45c28e8f37aa40c058236c0154a18dee019f6d608991d090bc68f37681141494f3f300ca07f5fb21bbb0cacf59fc328
- SSDEEP
  
  96:oKShRfnDx46uwJtb7VxWV7F49qqRQGtCTWxpyMFck6rDrsOL0C7136IqejOZtCtY:oKSHDKrwLVgqqqRQOwWxD6ksrsON7130
Score

10^/10

crimsonrat defense_evasion discovery macro macro_on_action rat
- CrimsonRAT main payload
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
- Downloads MZ/PE file
- Office macro that triggers on suspicious action
  Office document macro which triggers in special circumstances - often malicious.
  macro macro_on_action
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

crimsonratdefense_evasiondiscoverymacromacro_on_actionrat

© 2018-2024

Terms | Privacy