Extracted

• • Target

    v.exe

  • Size

    844KB

  • MD5

    7ecfc8cd7455dd9998f7dad88f2a8a9d

  • SHA1

    1751d9389adb1e7187afa4938a3559e58739dce6

  • SHA256

    2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e

  • SHA512

    cb05e82b17c0f7444d1259b661f0c1e6603d8a959da7475f35078a851d528c630366916c17a37db1a2490af66e5346309177c9e31921d09e7e795492868e678d

  • SSDEEP

    12288:GaWzgMg7v3qnCiWErQohh0F49CJ8lnybQg9BFg9UmTRHlM:BaHMv6CGrjBnybQg+mmhG

  Score

  10^/10

  chimeracrimsonratcredential_accessdefense_evasiondiscoverymacromacro_on_actionpersistenceransomwareratspywarestealer

  • Chimera

    Ransomware which infects local and network files, often distributed via Dropbox links.

    ransomwarechimera

  • Chimera Ransomware Loader DLL

    Drops/unpacks executable file which resembles Chimera's Loader.dll.

    ransomware

  • Chimera family

    chimera

  • CrimsonRAT main payload

  • CrimsonRat

    Crimson RAT is a malware linked to a Pakistani-linked threat actor.

    ratcrimsonrat

  • Crimsonrat family

    crimsonrat

  • Renames multiple (1609) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Downloads MZ/PE file

  • Office macro that triggers on suspicious action

    Office document macro which triggers in special circumstances - often malicious.

    macromacro_on_action

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops desktop.ini file(s)

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1