AsyncRAT Being Distributed as Windows Help File (*.chm) - ASEC BLOG
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Powershell - T1059.001 Software - T1592.002 Mshta - T1170 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | aec4f370-b511-4977-b84a-66f6fed0ab0a |
| Fingerprint | 84193fe309f102a3 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 13, 2023, 9:10 a.m. |
| Added to db | Feb. 13, 2023, 8:50 a.m. |
| Last updated | Dec. 20, 2024, 6:20 a.m. |
| Headline | AsyncRAT Being Distributed as Windows Help File (*.chm) |
| Title | AsyncRAT Being Distributed as Windows Help File (*.chm) - ASEC BLOG |
| Detected Hints/Tags/Attributes | 37/2/29 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/en/47525/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 17 | ✔ | ASEC | https://asec.ahnlab.com/en/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | 2023foco.com.br |
|
| Details | Domain | 307 | microsoft.net |
|
| Details | File | 2 | vvvvv.txt |
|
| Details | File | 2 | c:\programdata\v.vbs |
|
| Details | File | 3 | v.vbs |
|
| Details | File | 131 | regasm.exe |
|
| Details | File | 2 | dcreverso.txt |
|
| Details | File | 38 | 2.txt |
|
| Details | File | 37 | powershell_ise.exe |
|
| Details | File | 2 | printa.txt |
|
| Details | File | 3 | runpe.jpg |
|
| Details | File | 273 | iexplore.exe |
|
| Details | File | 11 | rl_generic.c4 |
|
| Details | File | 27 | agent.c4 |
|
| Details | md5 | 2 | ea64cc5749f48f610074636426fdfb4c |
|
| Details | md5 | 2 | b810d06b6ead297da6d145fca80c80b2 |
|
| Details | md5 | 2 | ac64e8e7eb01755cc363167dd7653d53 |
|
| Details | md5 | 2 | 824584841251baa953b21feb5f516bed |
|
| Details | md5 | 2 | 407b0b88187916dc2e38c8d796c10804 |
|
| Details | md5 | 2 | d5dcb2348a9c414dbd980d7e3df63fe8 |
|
| Details | md5 | 2 | c45f6c4e3222c4308c80c945fb3ac4dc |
|
| Details | IPv4 | 2 | 51.79.116.37 |
|
| Details | Url | 2 | https://2023foco.com.br/plmckv.hta |
|
| Details | Url | 2 | http://2023foco.com.br/vvvvv.txt |
|
| Details | Url | 2 | https://2023foco.com.br/serverhta.hta |
|
| Details | Url | 2 | https://2023foco.com.br/dcreverso.txt |
|
| Details | Url | 2 | https://2023foco.com.br/2.txt |
|
| Details | Url | 2 | https://2023foco.com.br/printa.txt |
|
| Details | Url | 2 | https://2023foco.com.br/runpe.jpg |