General

  • Target

    2628ad9be62db33bcc2dd982d80a7ec4ff840349a658795e13ef9611b784eefe

  • Size

    423KB

  • Sample

    241129-1qjrrssngp

  • MD5

    fa6a95df0af45ff6601696678af711b6

  • SHA1

    c87653f543d7c9386b92732e02ee64deac0e0100

  • SHA256

    2628ad9be62db33bcc2dd982d80a7ec4ff840349a658795e13ef9611b784eefe

  • SHA512

    362d3bd45dcf7b419661a4a77545d337d7f294a143f732e18dd7f728f04e99772bb45e205513c4c03f6975778ba2d812cc6e288ff5e6591ca04ad2a639d3fc02

  • SSDEEP

    6144:ixEtjPOtioVjDGUU1qfDlavx+W2QnASFR:TF

Malware Config

Extracted

Family

crimsonrat

C2

167.114.138.12

Targets

    • Target

      2628ad9be62db33bcc2dd982d80a7ec4ff840349a658795e13ef9611b784eefe

    • Size

      423KB

    • MD5

      fa6a95df0af45ff6601696678af711b6

    • SHA1

      c87653f543d7c9386b92732e02ee64deac0e0100

    • SHA256

      2628ad9be62db33bcc2dd982d80a7ec4ff840349a658795e13ef9611b784eefe

    • SHA512

      362d3bd45dcf7b419661a4a77545d337d7f294a143f732e18dd7f728f04e99772bb45e205513c4c03f6975778ba2d812cc6e288ff5e6591ca04ad2a639d3fc02

    • SSDEEP

      6144:ixEtjPOtioVjDGUU1qfDlavx+W2QnASFR:TF

    • CrimsonRAT main payload

    • CrimsonRat

      Crimson RAT is a malware linked to a Pakistani-linked threat actor.

    • Crimsonrat family

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks