Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://www.bing.com...

windows10-1703-x64

10

https://www.bing.com...

windows7-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://www.bing.com/ck/a?!&&p=1cb736670ed51278JmltdHM9MTcyMjM4NDAwMCZpZ3VpZD0zNDk3MWI2Yi1hZjZhLTY4ODctMjNiNi0wODdjYWVkMjY5ZjImaW5zaWQ9NTIwNA&ptn=3&ver=2&hsh=3&fclid=34971b6b-af6a-6887-23b6-087caed269f2&psq=squidward+virus+github&u=a1aHR0cHM6Ly9naXRodWIuY29tL0RhMmRhbHVzL1RoZS1NQUxXQVJFLVJlcG8&ntb=1

  • Sample

    240731-yxyhds1cql

Score
10/10
crimsonratdefense_evasiondiscoverypersistencerat

Malware Config

Extracted

Family

crimsonrat

C2

185.136.161.124

Targets

    • Target

      https://www.bing.com/ck/a?!&&p=1cb736670ed51278JmltdHM9MTcyMjM4NDAwMCZpZ3VpZD0zNDk3MWI2Yi1hZjZhLTY4ODctMjNiNi0wODdjYWVkMjY5ZjImaW5zaWQ9NTIwNA&ptn=3&ver=2&hsh=3&fclid=34971b6b-af6a-6887-23b6-087caed269f2&psq=squidward+virus+github&u=a1aHR0cHM6Ly9naXRodWIuY29tL0RhMmRhbHVzL1RoZS1NQUxXQVJFLVJlcG8&ntb=1

    Score
    10/10
    crimsonratdefense_evasiondiscoverypersistencerat

    • CrimsonRAT main payload

    • CrimsonRat

      Crimson RAT is a malware linked to a Pakistani-linked threat actor.

      ratcrimsonrat

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks