Extracted

• • Target

    Bootstrapper.exe

  • Size

    795KB

  • MD5

    365971e549352a15e150b60294ec2e57

  • SHA1

    2932242b427e81b1b4ac8c11fb17793eae0939f7

  • SHA256

    faad2bc8e61b75e595a80ff2b6d150ff8b27187a8ba426cc1e5e38e193ab6d42

  • SHA512

    f7ba1353e880213a6bdf5bd1dfdfd42a0acf4066a540a502e8df8fec8eac7fb80b75aa52e68eca98be3f7701da48eb90758e5b94d72013d3dff05e0aaf27e938

  • SSDEEP

    12288:GYa9sBhIBdCdbX1USoeQDj/VNpA+dZIznBpGTEy:Pa98hIBdjSoeQDj/VNpZdZIznBpg

  Score

  10^/10

  crimsonratagilenetdefense_evasiondiscoveryevasionransomwarerattrojanupx

  • CrimsonRAT main payload

  • CrimsonRat

    Crimson RAT is a malware linked to a Pakistani-linked threat actor.

    ratcrimsonrat

  • Crimsonrat family

    crimsonrat

  • UAC bypass

    defense_evasiontrojan

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Enables test signing to bypass driver trust controls

    Allows any signed driver to load without validation against a trusted certificate authority.

    defense_evasion

  • Executes dropped EXE

  • Loads dropped DLL

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1