Analysis of AsyncRAT's Infection Tactics via Open Directories
Tags
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Scheduled Task - T1053.005 Powershell - T1086 Scheduled Task - T1053 |
Common Information
| Type | Value |
|---|---|
| UUID | 75e49058-b42b-4486-a6fc-34d5e4c7e095 |
| Fingerprint | b52c2bb02fb60b84 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 7, 2024, 9:30 a.m. |
| Added to db | Nov. 7, 2024, 10:57 a.m. |
| Last updated | Nov. 15, 2024, 4:38 p.m. |
| Headline | AsyncRAT’s Infection Tactics via Open Directories: Technical Analysis |
| Title | Analysis of AsyncRAT's Infection Tactics via Open Directories |
| Detected Hints/Tags/Attributes | 36/1/33 |
Source URLs
URL Provider
| Details | Provider | Source level domain |
|---|---|---|
| Details | any.run | any.run |
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 14 | ✔ | ANY.RUN's Cybersecurity Blog | https://any.run/cybersecurity-blog/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 911 | any.run |
|
| Details | Domain | 2 | storeroot.duckdns.org |
|
| Details | Domain | 2 | anothonesevenfivesecsned.ddns.net |
|
| Details | File | 3 | omjrrrrrrrrrrrrrrrrrrrrvbk.xml |
|
| Details | File | 3 | teskkkelavaydafbbs.vbs |
|
| Details | File | 3 | kkkkkklllavioooootesaa.bat |
|
| Details | File | 3 | kilovberndautesaatnenn.ps1 |
|
| Details | File | 3 | uhlqoydamacutpae.vbs |
|
| Details | File | 3 | aaanootkiiilaviiiioos.bat |
|
| Details | File | 3 | roox.ps1 |
|
| Details | File | 3 | roox.bat |
|
| Details | File | 3 | roox.vbs |
|
| Details | File | 2 | fsp.txt |
|
| Details | File | 2 | zohre.jpg |
|
| Details | File | 3 | asyncrat.exe |
|
| Details | File | 2 | asyncrat.dll |
|
| Details | File | 2 | nkxhhzet6h6bxjcu.txt |
|
| Details | File | 2 | kkgulavtesaaetneenardep.ps1 |
|
| Details | sha256 | 2 | 7b73596346a36f83b6b540bfc2b779fec228a050e6d7de631d0518b526b9b128 |
|
| Details | sha256 | 2 | 561bb05d2c67fe221646b5af653ef7d1e7e552e6745f980385bd344d8155df0f |
|
| Details | sha256 | 2 | 70733e5f26a5b4d8c3d2bcc9a21cd015cee63dc0f93c819e7c401237f69967fe |
|
| Details | sha256 | 4 | 2c6c4cd045537e2586eab73072d790af362e37e6d4112b1d01f15574491296b8 |
|
| Details | sha256 | 2 | 20b15104f0afc362126f43c0b8628bced3cdecec768bcde79e60ff094c108f8a |
|
| Details | sha256 | 2 | 73e945f14db13a00fe72b5c2a20233e3bb98816bb31d035e0776b92246f681bc |
|
| Details | sha256 | 2 | f0d190d78b3ed7d83cc30224cd55bc158bdd5c40ec7b1f0108ee27afa1996ab1 |
|
| Details | sha256 | 2 | 29e93b2eac97547386f435811ccf0531ad0df62fd5f021e7e5ea90b2f1f2d69a |
|
| Details | sha256 | 2 | d5ca45ab8c9c9e6f932e9500836bd8cd725c4739dafe80a5d41e29389c3d69f3 |
|
| Details | sha256 | 2 | b1b67754391f0598e86254ad8c3a5741b70472138c1fa1be439be788c682345e |
|
| Details | sha256 | 2 | 2b312c476ccf036b5339f023a732ddf1aef3f193f59b304ba8089872bae47540 |
|
| Details | sha256 | 2 | d4edb13aa499b39b74912a30c22a1cba6d00694dcb68fa542bdc3d9ab2b66f68 |
|
| Details | sha256 | 3 | 5b1b7bd1fadfc3d2abcd8ea8f863fe96233e1dac8b994311c6a331179243b5cd |
|
| Details | IPv4 | 2 | 23.26.108.141 |
|
| Details | IPv4 | 2 | 45.126.208.245 |