MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ad2241815c24934b523082e603316065818decfe0d4897d4a6dee84626c5dfa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CrimsonRAT


Vendor detections: 2



SHA256 hash: 8ad2241815c24934b523082e603316065818decfe0d4897d4a6dee84626c5dfa
SHA3-384 hash: 833081d84c2499711933c9c08f905346e2aa038f6936796f8a3076d33fde572a09742e3f00c8fb001bbe0091c02800b1
SHA1 hash: e8d28b5c2ceb63f0fa0e3d65f9bfe39e4e4d3738
MD5 hash: fdd6831dc2cfc48b23cd92c3efe5e3d5
humanhash: solar-whiskey-monkey-two
File name: fdd6831dc2cfc48b23cd92c3efe5e3d5.exe
Signature: CrimsonRAT
File size: 1'430'528 bytes
First seen: 2020-05-20 12:31:29 UTC
Last seen: 2020-05-20 15:49:45 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'454 x Formbook, 12'202 x SnakeKeylogger)
ssdeep: 24576:QoQ1GCYrKsC2AplnR9HZZAltGUQxGzaUZFimcK4ZMlkI4n:FCY/3Azr3w4V8zaUvu
Threatray: 52 similar samples on MalwareBazaar
TLSH: 6965DF2637079FF2CDAD47FE04DA4F446B39E0068B16DF57685D1BA4AB4337488892B2
Reporter: abuse_ch
Tags: CrimsonRAT exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 1'818
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Foreign
Status: Malicious
First seen: 2020-05-20 12:37:32 UTC
File Type: PE (.Net Exe)
Extracted files: 1
AV detection: 19 of 31 (61.29%)
Threat level: 2/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CrimsonRAT

Executable exe 8ad2241815c24934b523082e603316065818decfe0d4897d4a6dee84626c5dfa

(this sample)

  
Delivery method: Distributed via web download
