General

  • Target

    3217397c6b12d88b5039a4c42848d8a6b03c37ecf322d9cf0836eebacc81149f

  • Size

    157KB

  • Sample

    250218-1d6qrs1ps8

  • MD5

    164f7996b586499ba1ebdb8e10f5581e

  • SHA1

    72c005e12d9ee2c33c161c37eccbea2b7922be12

  • SHA256

    3217397c6b12d88b5039a4c42848d8a6b03c37ecf322d9cf0836eebacc81149f

  • SHA512

    c88a1c95dc83bf8bbacbd93cf9d9519a23de7e0158c8f39b2a371963e58eba25610562097c9d679f868e7aa0799cc4bb91e78acf8b82a9d8d09e7c8bdf6e0790

  • SSDEEP

    3072:FMKu+tcIroKu3COaWgPn8/wa+5pbthx0cLKCFj8Q8YwzpsYc4o+1HBZGBG:FM3nIrhu3Pa//tLvmQopcnqhZ6G

Malware Config

Extracted

Family

crimsonrat

C2

209.127.18.107

101.125.206.108

Targets

    • Target

      3217397c6b12d88b5039a4c42848d8a6b03c37ecf322d9cf0836eebacc81149f

    • Size

      157KB

    • MD5

      164f7996b586499ba1ebdb8e10f5581e

    • SHA1

      72c005e12d9ee2c33c161c37eccbea2b7922be12

    • SHA256

      3217397c6b12d88b5039a4c42848d8a6b03c37ecf322d9cf0836eebacc81149f

    • SHA512

      c88a1c95dc83bf8bbacbd93cf9d9519a23de7e0158c8f39b2a371963e58eba25610562097c9d679f868e7aa0799cc4bb91e78acf8b82a9d8d09e7c8bdf6e0790

    • SSDEEP

      3072:FMKu+tcIroKu3COaWgPn8/wa+5pbthx0cLKCFj8Q8YwzpsYc4o+1HBZGBG:FM3nIrhu3Pa//tLvmQopcnqhZ6G

    • CrimsonRat

Crimson RAT is a .NET remote access trojan attributed to a Pakistan-linked threat actor (Transparent Tribe, also tracked as APT36).

    • Crimsonrat family

    • Executes dropped EXE

    • Loads dropped DLL
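The hashes in General and the C2 addresses in Malware Config are the actionable part of this report. The script below is an added example (not part of the sandbox report or of the Crimson RAT sample) that turns them into two checks a responder would run: hashing a candidate file with all four algorithms in one pass and comparing against the report's values, and scanning connection-log lines for either C2 address. The log lines are constructed for illustration; their timestamps, ports and internal addresses are assumptions, not observations from this sample.

```python
"""Check files and connection logs against the IOCs from the Crimson RAT report.

Hashes and C2 addresses are copied from the report above; everything else is
an added example, not code from the report or from the malware itself.
"""
import hashlib
import re
import sys
from typing import Iterable

# IOCs copied from the report (sample 3217397c...).
SAMPLE_HASHES = {
    "md5": "164f7996b586499ba1ebdb8e10f5581e",
    "sha1": "72c005e12d9ee2c33c161c37eccbea2b7922be12",
    "sha256": "3217397c6b12d88b5039a4c42848d8a6b03c37ecf322d9cf0836eebacc81149f",
    "sha512": "c88a1c95dc83bf8bbacbd93cf9d9519a23de7e0158c8f39b2a371963e58eba25"
              "610562097c9d679f868e7aa0799cc4bb91e78acf8b82a9d8d09e7c8bdf6e0790",
}
C2_ADDRESSES = frozenset({"209.127.18.107", "101.125.206.108"})

# Word-bounded dotted quad so "10.0.0.1" inside "110.0.0.12" is not matched.
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def _digest_chunks(chunks: Iterable[bytes]) -> dict:
    """Feed every chunk to md5/sha1/sha256/sha512 at once and return hex digests."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data: bytes) -> dict:
    """Digests of an in-memory buffer (used for the self-test below)."""
    return _digest_chunks([data])


def hash_file(path: str) -> dict:
    """Digests of a file on disk, streamed in 1 MiB chunks so large files are fine."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(1 << 20), b""))


def matching_algorithms(digests: dict) -> set:
    """Names of the algorithms whose digest equals the report's value.

    A genuine copy of the sample matches all four; a match on md5 alone, for
    instance, would be a reason to look closer rather than a confirmation.
    """
    return {name for name, value in SAMPLE_HASHES.items() if digests.get(name) == value}


def c2_hits(lines: Iterable[str]) -> list:
    """(line number, C2 address, line) for each log line naming a C2 address."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for ip in _IPV4.findall(line):
            if ip in C2_ADDRESSES:
                hits.append((number, ip, line.rstrip()))
    return hits


# Constructed connection-log lines for illustration; hosts, ports and times are assumed.
SAMPLE_LOGS = [
    "2025-02-18T14:02:11Z conn src=10.0.0.23 dst=209.127.18.107 dport=443 proto=tcp",
    "2025-02-18T14:02:12Z conn src=10.0.0.23 dst=203.0.113.5 dport=443 proto=tcp",
    "2025-02-18T14:05:40Z conn src=10.0.0.41 dst=101.125.206.108 dport=8080 proto=tcp",
]


if __name__ == "__main__":
    for number, ip, line in c2_hits(SAMPLE_LOGS):
        print(f"C2 hit on line {number}: {ip}")
    # Any paths given on the command line are hashed and compared to the report.
    for path in sys.argv[1:]:
        matched = matching_algorithms(hash_file(path))
        print(f"{path}: {'MATCH ' + ','.join(sorted(matched)) if matched else 'no match'}")
```

The SSDEEP value from the report is deliberately not used here: fuzzy-hash comparison needs the `ssdeep` extension module rather than the standard library, and a near-miss on SSDEEP is a lead for a variant, not a positive identification the way an exact SHA256 match is.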

MITRE ATT&CK Enterprise v15

Tasks