crimsonrat | e7d2e3ede3d3f5c6a83e124f853b69f535c261c47f1cf03e5d0aac518568966a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

JaffaCakes...98.dll

windows11-21h2-x64

Resubmissions

06/02/2025, 23:27

250206-3fmf1ssncj 10

06/02/2025, 23:11

250206-26kvfaskhn 6

Sharing

General

Target

JaffaCakes118_b0513a2e9f11f2ebc7d739e84f9f9b98
Size

195KB
Sample

250206-3fmf1ssncj
MD5

b0513a2e9f11f2ebc7d739e84f9f9b98
SHA1

6b6cb092ee713f0caeebabec1fb855c95dc78445
SHA256

e7d2e3ede3d3f5c6a83e124f853b69f535c261c47f1cf03e5d0aac518568966a
SHA512

a9abf6abb993b9fb0baa9edf5a02da0be5af38e404021b9e0483b7af49f0c50aa2529c2a4b567f623a050b218cb94312224f3b7d4260d49e48598a0b6c982123
SSDEEP

3072:5A2UsplBHR7MBcf/UAZ7M37Dbnz4j4hEvDAPxTgSkRRq4YT+R+SrPI//ou77Z:q2UIuyfvZE7v8j4hzgSWrwY

Score

10^/10

crimsonrat defense_evasion discovery persistence rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_b0513a2e9f11f2ebc7d739e84f9f9b98.dll

Resource

win11-20241007-en

crimsonrat defense_evasion discovery persistence rat

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

crimsonrat

C2

185.136.161.124

Targets

- Target
  
  JaffaCakes118_b0513a2e9f11f2ebc7d739e84f9f9b98
- Size
  
  195KB
- MD5
  
  b0513a2e9f11f2ebc7d739e84f9f9b98
- SHA1
  
  6b6cb092ee713f0caeebabec1fb855c95dc78445
- SHA256
  
  e7d2e3ede3d3f5c6a83e124f853b69f535c261c47f1cf03e5d0aac518568966a
- SHA512
  
  a9abf6abb993b9fb0baa9edf5a02da0be5af38e404021b9e0483b7af49f0c50aa2529c2a4b567f623a050b218cb94312224f3b7d4260d49e48598a0b6c982123
- SSDEEP
  
  3072:5A2UsplBHR7MBcf/UAZ7M37Dbnz4j4hEvDAPxTgSkRRq4YT+R+SrPI//ou77Z:q2UIuyfvZE7v8j4hzgSWrwY
Score

10^/10

crimsonrat defense_evasion discovery persistence rat
- CrimsonRAT main payload
- CrimsonRat
  Crimson RAT is a malware linked to a Pakistani-linked threat actor.
  rat crimsonrat
- Crimsonrat family
  crimsonrat
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

crimsonratdefense_evasiondiscoverypersistencerat

© 2018-2025

Terms | Privacy