AsyncRAT OneNote Dropper
Common Information

Type                              Value
UUID                              3f79dfeb-0f8a-4381-8548-6aaeb9f4f396
Fingerprint                       3c9316b0058ec3d0
Analysis status                   DONE
Considered CTI value              2
Text language
Published                         Feb. 11, 2023, midnight
Added to db                       Aug. 30, 2024, 11:14 p.m.
Last updated                      Nov. 17, 2024, 6:54 p.m.
Headline                          AsyncRAT OneNote Dropper
Title                             AsyncRAT OneNote Dropper
Detected Hints/Tags/Attributes    33/2/32
RSS Feed

Id   Enabled   Feed title   Url                                  Added to db
7              Toxin Labs   https://0xtoxin.github.io/feed.xml   2024-08-30 22:08
Attributes

Type     #Events   CTI Value   Attribute
Domain   9                     onedump.py
Domain   228                   system.io
Domain   149                   system.security
Domain   2                     field.name
Domain   5                     invoice.one
File     9                     onedump.py
File     1208                  powershell.exe
File     108                   0.exe
File     1                     nx0.exe
File     1                     njkwh.key
File     36                    compression.gzip
File     1                     one.bat
File     1                     one.gz
File     55                    payload.exe
File     2                     runpe.dll
File     1                     ticket_reprint.pdf
File     6                     io.bin
File     1                     c:\users\igal\desktop\asyncrat.bin
File     3                     client.settings
File     1                     dotnetloader.bin
File     1                     asyncrat.bin
File     2                     loader.ps1
File     1                     async.ps1