General

  • Target: SpeedAutoClicker.exe
  • Size: 2.1MB
  • Sample: 250401-wnzb8atsgt
  • MD5: b3a2e60b9cf66a908fbc22fec9a5f398
  • SHA1: 7e8bc7e0e0c7de380e1b5d6565bd9258317e80f5
  • SHA256: 6bc32e935a514da31e6ed5559252c36d82fd64b1e6403748b0ba86598ef20071
  • SHA512: 293a9a8d6df97fa90d3abe6c756d7c063e0ee80c8f71f7f16bb6793a8d84c5781307e9bb93dca267f6aade2a39a120b9fa00e7c8f7e41bd6cdecf16adad3e697
  • SSDEEP: 49152:ypJWi2J3Y2ptHEAz+axysYC6syUkoPaPS2AJNyxUP+MkZBF:22Jo2rytClVkoOSfJNAUWJ

Malware Config

Extracted

  • Family: metasploit
  • Version: windows/download_exec
  • C2: http://149.129.72.37:23456/SNpK
  • Attributes: headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP09; NP09; MAAU)

Extracted

  • Family: crimsonrat
  • C2: 185.136.161.124

Targets

    • CrimsonRAT main payload

    • CrimsonRat

      Crimson RAT is malware associated with a Pakistan-linked threat actor.

    • Crimsonrat family

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Office macro that triggers on suspicious action

      An Office document macro that triggers only under special circumstances; this is often malicious.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15