0c966a7beeb63c7bee76689648713ebb8ee7428f71d5f48959dcd45e940fef89 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

CRIMSON.rar

windows11-21h2-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

CRIMSON.rar
Size

4.8MB
Sample

241117-rmlmhs1lds
MD5

c621a656ac973e464050f3a5a57705ad
SHA1

9d6f560c3d51ce652141798ebb6956d5b4515548
SHA256

0c966a7beeb63c7bee76689648713ebb8ee7428f71d5f48959dcd45e940fef89
SHA512

4583bc8f821d147aee46b3e8394b8aaa5a6e5b9f7d1270a8ad4c6d066c683a9b95186a938fa38b8ac486eb9cf592d97b342308c330829e96776ef02d16a6934a
SSDEEP

98304:6ncLKHPZCXVBFzYb0Kkar7w5ka+YrAcycgYLHSCPedgNBQ2TwBgMke:6uKHPZClBFzwDM+xYNycg4IgU2AgMke

Score

8^/10

microsoft defense_evasion discovery evasion persistence phishing trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

CRIMSON.rar

Resource

win11-20241007-en

microsoft defense_evasion discovery evasion persistence phishing trojan

windows11-21h2-x64

31 signatures

1800 seconds

Malware Config

Targets

- Target
  
  CRIMSON.rar
- Size
  
  4.8MB
- MD5
  
  c621a656ac973e464050f3a5a57705ad
- SHA1
  
  9d6f560c3d51ce652141798ebb6956d5b4515548
- SHA256
  
  0c966a7beeb63c7bee76689648713ebb8ee7428f71d5f48959dcd45e940fef89
- SHA512
  
  4583bc8f821d147aee46b3e8394b8aaa5a6e5b9f7d1270a8ad4c6d066c683a9b95186a938fa38b8ac486eb9cf592d97b342308c330829e96776ef02d16a6934a
- SSDEEP
  
  98304:6ncLKHPZCXVBFzYb0Kkar7w5ka+YrAcycgYLHSCPedgNBQ2TwBgMke:6uKHPZClBFzwDM+xYNycg4IgU2AgMke
Score

8^/10

microsoft defense_evasion discovery evasion persistence phishing trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Detected potential entity reuse from brand MICROSOFT.
  phishing microsoft
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

microsoftdefense_evasiondiscoveryevasionpersistencephishingtrojan

© 2018-2025

Terms | Privacy