MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72146e890efa1de6ee90e445ceb11ad9dc3b053fa5e82757756a393ee4617a77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CrimsonRAT


Vendor detections: 3



SHA256 hash: 72146e890efa1de6ee90e445ceb11ad9dc3b053fa5e82757756a393ee4617a77
SHA3-384 hash: 0aea00486167de88f5551ab99e73c37eb26f68e6e54400f56d34e16541592cde63054c7ae9be289ade283648a4a74cbb
SHA1 hash: c29376cc19a74b1526a1d29bd5b2fc7e65d2eecf
MD5 hash: 1d65456095d73f63c33cf92f67587701
humanhash: missouri-india-timing-mockingbird
File name: 1d65456095d73f63c33cf92f67587701.exe
Signature: CrimsonRAT
File size: 254'976 bytes
First seen: 2020-05-26 11:08:11 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'597 x Formbook, 12'241 x SnakeKeylogger)
ssdeep: 3072:PSTrVmxoK5aQKXRhw1M9IR4yQZvkDou74jIprLj+D/uTjnjov:6mCK5a3RyGOcMDoSWD2Tjj
Threatray: 742 similar samples on MalwareBazaar
TLSH: 3D44191736C9CBE9D20A2372D5DA51480BF0AAA121F1DB56EDE731DA0D103D3B91B9CB
Reporter: abuse_ch
Tags: CrimsonRAT exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 1'801
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Foreign
Status: Malicious
First seen: 2020-05-26 10:13:43 UTC
File Type: PE (.Net Exe)
Extracted files: 1
AV detection: 19 of 30 (63.33%)
Threat level: 2/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CrimsonRAT

Executable exe 72146e890efa1de6ee90e445ceb11ad9dc3b053fa5e82757756a393ee4617a77 (this sample)

  
Delivery method: Distributed via web download
