Async RAT Analysis
Common Information
Type | Value
UUID | f0f59db0-3b45-4cfa-b0cb-5fbead6c0d09
Fingerprint | 328018f1bde38648
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | Nov. 14, 2024, 11:23 a.m.
Added to db | Nov. 14, 2024, 1:01 p.m.
Last updated | Nov. 17, 2024, 5:59 p.m.
Headline | Malware Analysis: I Smell a RAT!
Title | Async RAT Analysis
Detected Hints/Tags/Attributes | 55/3/25
RSS Feed
Id | Enabled | Feed title | Url | Added to db
171 | | Malware on Medium | https://medium.com/feed/tag/malware | 2024-08-30 22:08
Attributes
Type | #Events | CTI Value | Value
Domain | 2 | | gbshost.net
Domain | 1 | | e-statment20776.exe.zip
Domain | 14 | | pyinstxtractor.py
Domain | 1 | | e-statment66008.exe.zip
File | 1 | | e-statment20776.exe
File | 2 | | uac.dll
File | 3 | | userinfo.dll
File | 3 | | nact.dll
File | 1 | | new_x320.exe
File | 2 | | nsdialogs.dll
File | 57 | | system.dll
File | 1 | | new_320d.exe
File | 14 | | pyinstxtractor.py
File | 34 | | winhttp.dll
File | 39 | | amsi.dll
File | 13 | | fontdrvhost.exe
File | 1 | | e-statment66008.exe
IPv4 | 1 | | 144.126.151.185