crimsonrat | f1b61e942e02bf9d3ba3373d34fb69a925fa4bbb25dda27286996dc71979423d | Triage

Submit
Reports

Overview

overview

Static

static

8

f1b61e942e...3d.xls

windows7-x64

f1b61e942e...3d.xls

windows10-2004-x64

Sharing

General

Target

f1b61e942e02bf9d3ba3373d34fb69a925fa4bbb25dda27286996dc71979423d
Size

625KB
Sample

241125-z1dststjhn
MD5

efd3d1d5e1b815fd868f68d112b3394f
SHA1

1e354b9180d20b2a3c3632caa3bec5ffbb8b7dfe
SHA256

f1b61e942e02bf9d3ba3373d34fb69a925fa4bbb25dda27286996dc71979423d
SHA512

362fa00ffea6d3f604bf465a9c05046ea53c8c25a03018d2b7fc00fdbd646f98d230e9516c04b6a1b5362a4e7bb64edd3fa4c0516f0ae81704d38892c35bbef7
SSDEEP

6144:QZ+RwPONXoRjDhIcp0fDlavx+W26nA5knQ:4n

Score

10^/10

crimsonrat discovery macro macro_on_action persistence rat

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

f1b61e942e02bf9d3ba3373d34fb69a925fa4bbb25dda27286996dc71979423d.xls

Resource

win7-20240903-en

crimsonrat discovery persistence rat

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

f1b61e942e02bf9d3ba3373d34fb69a925fa4bbb25dda27286996dc71979423d.xls

Resource

win10v2004-20241007-en

crimsonrat discovery persistence rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

crimsonrat

C2

79.143.181.178

Targets

- Target
  
  f1b61e942e02bf9d3ba3373d34fb69a925fa4bbb25dda27286996dc71979423d
- Size
  
  625KB
- MD5
  
  efd3d1d5e1b815fd868f68d112b3394f
- SHA1
  
  1e354b9180d20b2a3c3632caa3bec5ffbb8b7dfe
- SHA256
  
  f1b61e942e02bf9d3ba3373d34fb69a925fa4bbb25dda27286996dc71979423d
- SHA512
  
  362fa00ffea6d3f604bf465a9c05046ea53c8c25a03018d2b7fc00fdbd646f98d230e9516c04b6a1b5362a4e7bb64edd3fa4c0516f0ae81704d38892c35bbef7
- SSDEEP
  
  6144:QZ+RwPONXoRjDhIcp0fDlavx+W26nA5knQ:4n
Score

10^/10

crimsonrat discovery persistence rat
- CrimsonRAT main payload
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
- Crimsonrat family
  crimsonrat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

crimsonratdiscoverypersistencerat

behavioral2

crimsonratdiscoverypersistencerat

© 2018-2024

Terms | Privacy