Extracted

• • Target

    RNSM00398.7z

  • Size

    35.6MB

  • MD5

    3b49730191d772ce76f948b1df95b031

  • SHA1

    7d52bb20e716d41b4dcaa71d76b23425a6dfd260

  • SHA256

    a1941a5b8cdbf7cd067ee8c9005c6d8ee3b83c5b6aa8d11328596488ca158c84

  • SHA512

    19b7f11784844562eff25c2d68e9a44ab071d064ce15ebe86592d918bcc3eb55a0c584d345842a7f5357914beb8d39d726528f9d79f2773bfebf86726caf640f

  • SSDEEP

    786432:2x/uG7WdVIu/Dwno4l2xVPtp+yxk3DX2m99a73uw2HK13W2n:2x/XUIu/DSUxVP7+yGam907+RHK9

  Score

  10^/10

  crimsonratagilenetdiscoveryevasionexecutionratthemidaupxvmprotect

  • CrimsonRAT main payload

  • CrimsonRat

    Crimson RAT is a malware linked to a Pakistani-linked threat actor.

    ratcrimsonrat

  • Crimsonrat family

    crimsonrat

  • Disables service(s)

    evasionexecution

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • VMProtect packed file

    Detects executables packed with VMProtect commercial packer.

    vmprotect

  • Network Share Discovery

    Attempt to gather information on host network.

    discovery

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1