General

  • Target

    VMX Spoofer.exe

  • Size

    7.7MB

  • Sample

    250311-cdhryaxsc1

  • MD5

    14bcc63d4b353f5402f913657aa64ee2

  • SHA1

    2d23fab562d41b519b7341d22b06e94acac806a2

  • SHA256

    2dc01b1e16718af5cd299d0f5234395162558dda735b99e5d992cabfc82e81d0

  • SHA512

    29a09f620328a50bec09fa97fdc88f943ff9581b7ba603e754cff5b82ac79567fd0a176bf848f26a754566eb6dc0a03c6e59ab2e0ecc02b7a0988c2b79e9a072

  • SSDEEP

    196608:3W106oxwfI9jUCD6rlaZLH7qRGrGIYUoZy8FUsOnAoT:ZuIH20drLYRZjoT

Malware Config

Extracted

  • Family

    crimsonrat

  • C2

    185.136.161.124

Targets

    • Target

      VMX Spoofer.exe


    • CrimsonRAT main payload

    • CrimsonRat

      Crimson RAT is malware attributed to a Pakistan-linked threat actor.

    • Crimsonrat family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Target

      .pyc

    • Size

      1KB

    • MD5

      8989fca0effd90819bd10f5ae8eefaa3

    • SHA1

      8c2cdbab931e5ba371a44cd7ec5597c596b39337

    • SHA256

      c313e21d9a86da62394bea8cd51483a8115186a5cb65816fc83e1cd916e19c45

    • SHA512

      6fb65b66bfb4a85b6c767b1e044d0faf284510a3a44780792834158945366a87121372dd8c396a1baafe1cbc08e66420c2c9d10682cd5d664767f98b160d9b41

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks