486b1ff53fb896c08eb98df156d8e36a1c88285ee109c7f27adc0c41ef0762ea

Resubmissions

19/11/2024, 13:13

241119-qgh4rswmbw 7

19/11/2024, 13:11

241119-qe7pca1mgp 6

Sharing

Copy URL

Twitter E-mail

General

Target

CRIMSON.rar
Size

4.4MB
Sample

241119-qgh4rswmbw
MD5

2b25769587217a2efbe211272f2865d3
SHA1

995f40036f7b4d9c6e67e955c0e6398ef0f77b44
SHA256

486b1ff53fb896c08eb98df156d8e36a1c88285ee109c7f27adc0c41ef0762ea
SHA512

a1fdcda646c6e7beb208d281830208a7b115de39fd665e5505921439c889a06ac97004fee60f6e4520de908832eeb6c13f02876fbbdbe1f6d7f80eca595964c0
SSDEEP

98304:RbhxBeuogXXlZFXlJuMeKMHB2KEc3CcFYhAvbioai3ldVy:beuow1ZFVJl2B2Yljvbioy

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  CRIMSON.rar
- Size
  
  4.4MB
- MD5
  
  2b25769587217a2efbe211272f2865d3
- SHA1
  
  995f40036f7b4d9c6e67e955c0e6398ef0f77b44
- SHA256
  
  486b1ff53fb896c08eb98df156d8e36a1c88285ee109c7f27adc0c41ef0762ea
- SHA512
  
  a1fdcda646c6e7beb208d281830208a7b115de39fd665e5505921439c889a06ac97004fee60f6e4520de908832eeb6c13f02876fbbdbe1f6d7f80eca595964c0
- SSDEEP
  
  98304:RbhxBeuogXXlZFXlJuMeKMHB2KEc3CcFYhAvbioai3ldVy:beuow1ZFVJl2B2Yljvbioy
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  CRIMSON/Bin/Xeno.dll
- Size
  
  958KB
- MD5
  
  922e65fd502fedf855422f9343fb88fa
- SHA1
  
  12803d54a1c91ba25bae7d924016e0dce667ab15
- SHA256
  
  6a1afc9c98761fcd93f1f8878b673af549f3bbe97d6ae3ecb23a080462a41d54
- SHA512
  
  b4cb9f19eec8e2d159733f39580e762a7ef74f2e962618d7b8b969bb84e294867890a20c503feea53dc451eb9cd03d41e35c2d5825c16bf730ba4c2081e0a8c2
- SSDEEP
  
  12288:2GhQW0to+40OXmwuFyEd/LJgxUZ8ipQsxja67rno+X24KkT0M01/:2GooRpXmhyEWUZ8iQEjv7kj4KkT0
Score

1^/10
behavioral3 behavioral4
- Target
  
  CRIMSON/Bin/libcrypto-3-x64.dll
- Size
  
  4.5MB
- MD5
  
  be0f6d1d60e149cedaca33a04963e05f
- SHA1
  
  b686e1ed9ae47b8ae803a5d9e912b0e631bc4217
- SHA256
  
  81a5fe6cd0ef5b083e5c4bdb6a40a30bfb1b0de15a9dfad459de2d6a36d94f86
- SHA512
  
  7b39dd8c70286ec4fe61cb2c3c12062f2dcbdda607c2f14c4f983741026f6aa62b60f9e983204949395cc54b5ebf6426c0f8300e0e385c35c1f2f3847160d7ff
- SSDEEP
  
  98304:5l+f+Kv6t8y37re39P6k1CPwDvt3uFGCC:/Cyt8yLre39yk1CPwDvt3uFGCC
Score

1^/10
behavioral5 behavioral6
- Target
  
  CRIMSON/Bin/libssl-3-x64.dll
- Size
  
  802KB
- MD5
  
  733e3b58ee1760a442fec4712848c3ad
- SHA1
  
  529206caad19cce2424323bc29a9fb9a4bbd3e76
- SHA256
  
  159198cb8e740f9ad5918b51503121fd1b7e70460f6a4f6a6aa27576bbfa31c7
- SHA512
  
  10835ff09e35d8acb2739707219905b3ae2870af973d8f80040baeb732eb798fa93ef1bc599ad9898aff8e20ee21aa1f5e5e07340eda205aa938fc001cd83a88
- SSDEEP
  
  12288:uDYDcpeu9jFBOBJfbudc68KqLie1+jKMwmUxlcdEVB3ks:usM9jFr8OeW5wmNdEVB3k
Score

1^/10
behavioral7 behavioral8
- Target
  
  CRIMSON/Bin/xxhash.dll
- Size
  
  46KB
- MD5
  
  70c514826d9428f184d27f0c8f397404
- SHA1
  
  e6b0b1a396de9913004d9bcaa230972686416bb6
- SHA256
  
  aff59e91d222b75b3e3ac789baba9e24eff99796261ae5e887ef9e3c28bb3d64
- SHA512
  
  168c63cbb54865ca42a884fd974291bcadd9dd8cf8bc1980148214e84498af42a590cb3d3a394765ee0b7d2e337fab6e85ff4f85d9ced97b92b540152202a0a6
- SSDEEP
  
  768:tziPp7yW4k3QDn24NuDUSu0MKQVMNKuxYAuogba4Mk3Q18swN1WQ8hi6U:tziR74kgDn2rDRuIrN5mAvgbTg18DN1z
Score

1^/10
behavioral10 behavioral9
- Target
  
  CRIMSON/Bin/zstd.dll
- Size
  
  638KB
- MD5
  
  5b96fb0d4e6453680da278f5b7e51a29
- SHA1
  
  3c96a29248fa3644de2c653a5d97c1e21b13a769
- SHA256
  
  1374391dafd6262795243a58f9fb234be859d940683fe756c64692ca807f0478
- SHA512
  
  27d06b7182aa48a81cce18f8f7b1bee054f3a862ccebd77d273a67c6a15e5d0ef5ba8fd7430976f445eb8bff51d290f2bb50061ac7ef448255ba8a18b8baf193
- SSDEEP
  
  6144:fbauYl+rrR8uT4uB5uWYfO16oMynnjDHMkYHbpk5tRCEybNFZemMBLx4uQ16aSG:fbauYGT5BYMxjDHMk0petRCEyb9emHO
Score

1^/10
behavioral11 behavioral12
- Target
  
  CRIMSON/Crimson Best.exe
- Size
  
  133KB
- MD5
  
  f71cdf848c5ca76ad9e6e879a3cb20d2
- SHA1
  
  ecb7ccbdca1d33430af3bfa40237d93e74a0a6a4
- SHA256
  
  1bf439d985e2e046c34d469d83545d4b760ca21c1f25253e35c3d7000a0c7787
- SHA512
  
  47a66cd6c2a0eff0a3a79bf9cc1bb201032fd0913c35fab311c7c6e601a1e768656b47092294c552f9bc867cef1e28e8a945d1dca85494964f385f753daca811
- SSDEEP
  
  3072:D46omPF4ZWeDwYW5CuQkj54kmqshAcmhcn:DahhUMunn7InQ
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral13 behavioral14
- Target
  
  CRIMSON/FastColoredTextBox.dll
- Size
  
  323KB
- MD5
  
  8610f4d3cdc6cc50022feddced9fdaeb
- SHA1
  
  4b60b87fd696b02d7fce38325c7adfc9e806f650
- SHA256
  
  ac926c92ccfc3789a5ae571cc4415eb1897d500a79604d8495241c19acdf01b9
- SHA512
  
  693d1af1f89470eab659b4747fe344836affa0af8485b0c0635e2519815e5a498f4618ea08db9dcf421aac1069a04616046207ee05b9ed66c0a1c4a8f0bddd09
- SSDEEP
  
  6144:0R0J4lx4/7BA4xvNdcwCOg04j0y5mwZkdmsqmLDi5eNH+Dl1SIP0:0R0J48lAovNd7CO34D4b4eNO
Score

1^/10
behavioral15 behavioral16
- Target
  
  CRIMSON/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c19e9e6a4bc1b668d19505a0437e7f7e
- SHA1
  
  73be712aef4baa6e9dabfc237b5c039f62a847fa
- SHA256
  
  9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82
- SHA512
  
  b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de
- SSDEEP
  
  49152:6QNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckYf+Yh/FJ3:6Ahck2z
Score

1^/10
behavioral17 behavioral18
- Target
  
  CRIMSON/Monaco/index.html
- Size
  
  1KB
- MD5
  
  efd81d18eef80e7a5cc70db71d658067
- SHA1
  
  98b0b7b9c738705263d92b41ef9f810a2f2cd849
- SHA256
  
  38df7c585f0775d175435305f709b7418d60a98e17d542299e2ccb35c4cd2726
- SHA512
  
  9a46cd4abc069ad2c7247863c6e9a29bf546f47150ac41feac448bf8d092672e42033e386dcb55a80d9e61c79458cd8589b5587b018e0fe852fb13dd8053b4d4
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  CRIMSON/Monaco/vs/base/worker/workerMain.js
- Size
  
  149KB
- MD5
  
  27ead90c7702154755785e0e53398755
- SHA1
  
  86b59485fe6f6ccb1805183fa75062a2ac1c859e
- SHA256
  
  bdf9433692a08851e13dd58504eef19f51bd2ec7241923a68edf5772e0e53af5
- SHA512
  
  6829681575179c90bb7817b17feee60e7d44d8abb15264ab39d7f0edf95dd1d030b99c12b005c753cd786c26ce6f17ff09b058c16f3363596f785e386ef78e82
- SSDEEP
  
  1536:XNSxrkwnz+dTHHfvYYdBwDZ2Ogvh52xgh2hQXIvTBaB7hU74Yc6aphU1PblosJEl:XzdTagJkb+6jFlJJEt9yjjTCD2zw
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  CRIMSON/Monaco/vs/basic-languages/bat/bat.js
- Size
  
  2KB
- MD5
  
  4cb475399c4490eea41982dcd6d9653e
- SHA1
  
  fc97d57206ff7fa1c89ff0fc9f6e2f04a20ea185
- SHA256
  
  9bca42394fe8922fec24b768eeb8ce04692de6fad82f9052d5b7e70f5c6b0f40
- SHA512
  
  27eefe83cf38a7d784414d99b472f6fcd7e595691eb0f368254ba1f71aaf702840b62bf232c30c515a8fada234699fefeef496c0c24669cc158cb567227e4783
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  CRIMSON/Monaco/vs/basic-languages/coffee/coffee.js
- Size
  
  3KB
- MD5
  
  9d0c4ac1691eed0a480c3e9246490d29
- SHA1
  
  38258864fd070c35cec6b68715d58771df9fe3e1
- SHA256
  
  e706c9f8e5c5a0cb01b2f4e4879ec34a050d6eb2a8840284eb7badd9d78099f9
- SHA512
  
  437a703607a9f0cb96ffb56312d149b95f596290591d14098c36d978b2e1fdba3c3712c9099923bc0a709c5c0ebd7eea868f63dfbcc69cdf5a9325b8a67006b6
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  CRIMSON/Monaco/vs/basic-languages/cpp/cpp.js
- Size
  
  5KB
- MD5
  
  0a16509e6cd0155fb622e785cfe976c7
- SHA1
  
  7afa7f823191c43d7a4bdd7d91577495de62c21a
- SHA256
  
  a7c2bea7ca3d9e203a3a286735945fe010c8f4f8d46620386ee8befc6a78b32b
- SHA512
  
  2cbc48cb10c467561c6a84f59405e9c2f864640b3a21e6fe5cd14ad1a7ca5667b766b3c0511df26f28205dd17338a878bd1164a4f5875235a73214f3e4aeb49d
- SSDEEP
  
  96:hFDMgRs/rbV1+gqVV1+/LVb9ZRC2seM6jjz13MwVcEghhb6Yw76wGcmvRBNIs:hZGrTOcVv5M61h8hSeiYL
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  CRIMSON/Monaco/vs/basic-languages/csharp/csharp.js
- Size
  
  4KB
- MD5
  
  f8f841d13c9220e15dcd6bc386b37ba2
- SHA1
  
  2b8b7003820d19ed83afde98c845db5e3d5753f8
- SHA256
  
  6b3be9a86ee8e3202f51745d94d24cc1eefbcf7d9e6d94fbaf70146b084e835f
- SHA512
  
  0b167865b8d7847792c80144e83bdf33655db6ecc0934bb3290f8b5793fee8168aeaf9d74b3541a9424c4f180aad496c2d8710e3847a5bf9d4b2c960ddea4ae5
- SSDEEP
  
  96:hFDMgRsVx+rbV1+gqGV1+hmQuq1cBh8b7gj8/pLxb6J994wGcKU7dYIkI:hZi+rTtPsRXpw9SiKUJGI
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  CRIMSON/Monaco/vs/basic-languages/csp/csp.js
- Size
  
  1KB
- MD5
  
  22ada25d590811dcff4e5f5d698e583b
- SHA1
  
  c43d4846967d5037ef05b102e49d1fbc54e45fbc
- SHA256
  
  4b5a5d7d50986b86b00833447e097c0f01a4388ce1765b48e7e371d06e3a4789
- SHA512
  
  c8373ea0b78114f82e8bf027473f72ada0d8acd51623152a0072111d8b3b7d5ac310a1cc510c4e4cd2e97a7686db3c87b2da675fc910898bd11108e4b50ed189
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32