Extracted

• • Target

    https://github.com/enginestein/Virus-Collection

  Score

  10^/10

  chimeracrimsonratdefense_evasiondiscoveryevasionransomwareratspywarestealer

  • Chimera

    Ransomware which infects local and network files, often distributed via Dropbox links.

    ransomwarechimera

  • Chimera Ransomware Loader DLL

    Drops/unpacks executable file which resembles Chimera's Loader.dll.

    ransomware

  • Chimera family

    chimera

  • CrimsonRAT main payload

  • CrimsonRat

    Crimson RAT is a malware linked to a Pakistani-linked threat actor.

    ratcrimsonrat

  • Crimsonrat family

    crimsonrat

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Renames multiple (3270) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Downloads MZ/PE file

  • Enables test signing to bypass driver trust controls

    Allows any signed driver to load without validation against a trusted certificate authority.

    defense_evasion

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1