Analysis of AsyncRAT's Infection Tactics via Open Directories
Nov. 7, 2024, 10:01 p.m.
Description
This analysis examines two distinct methods used to infect systems with AsyncRAT via open directories. The first technique is a multi-stage chain of obfuscated scripts (VBS, BAT, PowerShell) and disguised files that download and execute the AsyncRAT payload. The second is a simpler two-stage approach in which a VBS script and a disguised PowerShell script drop files and register a scheduled task for persistence. Both techniques show how attackers adapt publicly accessible files to spread AsyncRAT, a Remote Access Trojan built for system infiltration and remote control.
Date
Published: Nov. 7, 2024, 5:32 p.m.
Created: Nov. 7, 2024, 5:32 p.m.
Modified: Nov. 7, 2024, 10:01 p.m.
Indicators
.duckdns.org
anothonesevenfivesecsned.ddns.net
Attack Patterns
AsyncRAT
T1053.005 (Scheduled Task)
T1059.005 (Visual Basic)
T1059.003 (Windows Command Shell)
T1059.001 (PowerShell)
T1571 (Non-Standard Port)
T1204.002 (Malicious File)
T1047 (Windows Management Instrumentation)
T1055 (Process Injection)
T1140 (Deobfuscate/Decode Files or Information)
T1027 (Obfuscated Files or Information)