Extracted

Extracted

• • Target

    RNSM00323.7z

  • Size

    7.5MB

  • MD5

    33ba43580498e09684c08d92bd7f6639

  • SHA1

    aa89e6b43737f58eea83e1ef98c366883b3420dc

  • SHA256

    7d0b46f42ee73f4fe0084d3a6abe734fed72972162c1ae1ff391b8ac498f9440

  • SHA512

    d6a81b59df43573730ca45d93f20e03ad3ca4dcab25fc1a22b1f352c61b6eb9efad83e00e406bcf80b7b3c3a43be80cbb3d4d98ee2d3ea49faf61dc3e12dcd32

  • SSDEEP

    196608:Uq3khxO0zyYw1KDiUGHgMuOII1Ez++taojRDVoNX:+xGXIwgMz1utaoJV+X

  Score

  10^/10

  crimsonratmimikatzrmsdiscoverypersistenceransomwarerattrojanupx

  • CrimsonRAT main payload

  • CrimsonRat

    Crimson RAT is a malware linked to a Pakistani-linked threat actor.

    ratcrimsonrat

  • Crimsonrat family

    crimsonrat

  • Mimikatz

    mimikatz is an open source tool to dump credentials on Windows.

    mimikatz

  • Mimikatz family

    mimikatz

  • RMS

    Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    trojanratrms

  • Rms family

    rms

  • Renames multiple (329) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • mimikatz is an open source tool to dump credentials on Windows

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Legitimate hosting services abused for malware hosting/C2

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1