Extracted

Extracted

• • Target

    https://www.crunchyroll.com/?irclickid=WRLV%3ApS8%3AxyNRGTwq-2h10eUUkCS%3AeQsEXZI2c0&utm_source=impact&utm_medium=affiliate&utm_campaign=1943907&irgwc=1

  Score

  10^/10

  crimsonratmetasploitnjratbackdoorbootkitdefense_evasiondiscoveryevasionmacromacro_on_actionpersistencephishingprivilege_escalationrattrojanupx

  • CrimsonRAT main payload

  • CrimsonRat

    Crimson RAT is a malware linked to a Pakistani-linked threat actor.

    ratcrimsonrat

  • Crimsonrat family

    crimsonrat

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Njrat family

    njrat

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Modifies Windows Firewall

    evasion

  • Office macro that triggers on suspicious action

    Office document macro which triggers in special circumstances - often malicious.

    macromacro_on_action

  • A potential corporate email address has been identified in the URL: web-vitals@3

    phishing

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1