MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be7c3bf33d9e06fdf23da68ab87a8c4cdddba7d2fbcaf4b1a68c443ab0a45288. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

CrimsonRAT

Vendor detections: 7

SHA256 hash: be7c3bf33d9e06fdf23da68ab87a8c4cdddba7d2fbcaf4b1a68c443ab0a45288
SHA3-384 hash: d4f43b7da5946aafb84a39ab6155296741bdab5a963bceb628e0a6845dfa015e0ee83ca084510d148335ad82bde798b3
SHA1 hash: f1394aa8af3b7222c058042087b60fd6102afcf5
MD5 hash: f050ec7c999666e94840d559b4ebe2be
humanhash: gee-triple-april-nevada
File name: jalhrvrswa.exe
Signature: CrimsonRAT
File size: 10'199'040 bytes
First seen: 2021-03-03 13:49:06 UTC
Last seen: 2021-03-04 09:53:52 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (49'070 x AgentTesla, 20'026 x Formbook, 12'352 x SnakeKeylogger)
ssdeep: 384:BLE+xvQBl2pkkXs9BmaGXmaq41UYfrsFG2LlQxrNbSysk83osR2vUCt/pnYVM7mw:G+xzpYftGXcYEmETKUkdb7mS
Threatray: 2 similar samples on MalwareBazaar
TLSH: 1EA6A40AA7048B9EE47FCF7D5C67E174EBB18D645D11A65E09E03E8F3932220CA5096E
Reporter: Jirehlov
Tags: apt CrimsonRAT exe TransparentTribe

Intelligence

File Origin
# of uploads: 3
# of downloads: 1'295
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: National Conference 2021.xlam
Verdict: Malicious activity
Analysis date: 2021-03-03 13:44:06 UTC
Tags: macros macros-on-open trojan rat crimson
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating a window
Sending a UDP request
Sending a custom TCP request

Result
Threat name:
Detection: malicious
Classification: troj.evad
Score: 64 / 100
Signature:
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Potential time zone aware malware
Yara detected Oski Stealer
Threat name: ByteCode-MSIL.Ransomware.Foreign
Status: Malicious
First seen: 2021-03-03 13:50:08 UTC
AV detection: 18 of 28 (64.29%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files:
SHA256 hash: be7c3bf33d9e06fdf23da68ab87a8c4cdddba7d2fbcaf4b1a68c443ab0a45288
MD5 hash: f050ec7c999666e94840d559b4ebe2be
SHA1 hash: f1394aa8af3b7222c058042087b60fd6102afcf5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.
