AsynRAT Trojan - Bill Payment (Pago de la factura) - SANS Internet Storm Center
Tags
| attack-pattern: | Domains - T1583.001 Domains - T1584.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Windows Service - T1543.003 Scheduled Task - T1053 |
Common Information
| Type | Value |
|---|---|
| UUID | 2d55873b-07fd-44ef-a7bb-82d08af29036 |
| Fingerprint | f0f5d103a4ff86e4 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 12, 2023, midnight |
| Added to db | Oct. 24, 2023, 1:27 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Internet Storm Center |
| Title | AsynRAT Trojan - Bill Payment (Pago de la factura) - SANS Internet Storm Center |
| Detected Hints/Tags/Attributes | 27/1/32 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | www.dnuocc.com |
|
| Details | Domain | 3 | dnuocc.com |
|
| Details | Domain | 55 | otx.alienvault.com |
|
| Details | Domain | 58 | www.shodan.io |
|
| Details | Domain | 2 | cybergordon.com |
|
| Details | Domain | 425 | isc.sans.edu |
|
| Details | Domain | 1 | car.mitre.org |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | File | 1 | fautrapago392023.gz |
|
| Details | File | 1 | dxkfngk.exe |
|
| Details | File | 4 | c:\windows\syswow64\schtasks.exe |
|
| Details | File | 1 | c:\users\user\appdata\roaming\crssr.exe |
|
| Details | File | 16 | sfx.exe |
|
| Details | File | 1 | crssr.exe |
|
| Details | File | 4 | result.html |
|
| Details | File | 249 | schtasks.exe |
|
| Details | sha256 | 1 | 9d33cebf6b0dec41d47cad3163026d70b399113073615b8fbf25e5af4da48b4f |
|
| Details | sha256 | 1 | 89d7a9c65b8c702a2a1705363fede2fbdaa0d651f5fa24174a3628c5e3d982c6 |
|
| Details | sha256 | 1 | 5c65e1361a5a58d5dd4c2eb8fbf599dbc817faf9478f5560de7d93e845f94b91 |
|
| Details | sha256 | 1 | 55184850a0812882fa185eea292ee74e55e9f9bed01ba9df7fed9257046ff7e1 |
|
| Details | IPv4 | 1 | 185.254.37.238 |
|
| Details | MITRE ATT&CK Techniques | 480 | T1053 |
|
| Details | MITRE ATT&CK Techniques | 275 | T1053.005 |
|
| Details | Url | 1 | https://otx.alienvault.com/indicator/ip/185.254.37.238 |
|
| Details | Url | 1 | https://www.virustotal.com/gui/file/9d33cebf6b0dec41d47cad3163026d70b399113073615b8fbf25e5af4da48b4f |
|
| Details | Url | 1 | https://www.virustotal.com/gui/file/55184850a0812882fa185eea292ee74e55e9f9bed01ba9df7fed9257046ff7e1 |
|
| Details | Url | 1 | https://www.virustotal.com/gui/file/5c65e1361a5a58d5dd4c2eb8fbf599dbc817faf9478f5560de7d93e845f94b91 |
|
| Details | Url | 1 | https://www.shodan.io/host/185.254.37.238 |
|
| Details | Url | 1 | https://cybergordon.com/result.html?id=09b5de5f |
|
| Details | Url | 1 | https://isc.sans.edu/forums/diary/asynrat |
|
| Details | Url | 1 | https://car.mitre.org/analytics/car-2013-01-002 |
|
| Details | Url | 6 | https://attack.mitre.org/techniques/t1053/005 |