
Analysis of AsyncRAT's Infection Tactics via Open Directories

Nov. 7, 2024, 10:01 p.m.

Description

This analysis explores two distinct methods used to infect systems with AsyncRAT via open directories, that is, web directories with listing enabled that expose the attacker's staging files to anyone who browses them. The first technique is a multi-stage chain of obfuscated scripts (VBS, BAT, PowerShell) and disguised files that download and execute the AsyncRAT payload. The second method is a simpler two-stage approach: a VBS script and a disguised PowerShell script create the required files and register a scheduled task so the infection survives reboots. Both techniques show how readily attackers repurpose publicly accessible files to distribute AsyncRAT, a Remote Access Trojan built for system infiltration and remote control.

Date

Published: Nov. 7, 2024, 5:32 p.m.

Created: Nov. 7, 2024, 5:32 p.m.

Modified: Nov. 7, 2024, 10:01 p.m.

Indicators

SHA-256 file hashes

f0d190d78b3ed7d83cc30224cd55bc158bdd5c40ec7b1f0108ee27afa1996ab1

d5ca45ab8c9c9e6f932e9500836bd8cd725c4739dafe80a5d41e29389c3d69f3

d4edb13aa499b39b74912a30c22a1cba6d00694dcb68fa542bdc3d9ab2b66f68

b1b67754391f0598e86254ad8c3a5741b70472138c1fa1be439be788c682345e

7b73596346a36f83b6b540bfc2b779fec228a050e6d7de631d0518b526b9b128

73e945f14db13a00fe72b5c2a20233e3bb98816bb31d035e0776b92246f681bc

70733e5f26a5b4d8c3d2bcc9a21cd015cee63dc0f93c819e7c401237f69967fe

561bb05d2c67fe221646b5af653ef7d1e7e552e6745f980385bd344d8155df0f

2b312c476ccf036b5339f023a732ddf1aef3f193f59b304ba8089872bae47540

29e93b2eac97547386f435811ccf0531ad0df62fd5f021e7e5ea90b2f1f2d69a

20b15104f0afc362126f43c0b8628bced3cdecec768bcde79e60ff094c108f8a

2c6c4cd045537e2586eab73072d790af362e37e6d4112b1d01f15574491296b8

5b1b7bd1fadfc3d2abcd8ea8f863fe96233e1dac8b994311c6a331179243b5cd

Domains (dynamic DNS)

storeroot.duckdns.org

anothonesevenfivesecsned.ddns.net
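The indicators above only earn their keep when they are matched against hosts and telemetry. The Python script below is an added example, not code from the original analysis: it embeds the SHA-256 hashes and the two domains listed above, sweeps a directory tree for files whose hash matches, and scans DNS or proxy log lines for either hostname or any label beneath it. The log lines are constructed for illustration. Two caveats a practitioner should keep in mind: the hashes identify only the exact files seen in this analysis, so a re-obfuscated script or repacked payload will not match; and both hostnames belong to dynamic-DNS services (duckdns.org, ddns.net), so the resolved IP address can change at any moment and matching must be done on the name, never on an address.

```python
"""Sweep files and log lines for the AsyncRAT IOCs listed on this page (added example)."""
import hashlib
import re
import sys
from pathlib import Path
from typing import Iterable, List, Optional, Set, Tuple

# SHA-256 hashes copied from the Indicators section. They identify only the exact
# files seen in this analysis; a re-obfuscated script or repacked payload gets a new hash.
IOC_SHA256: Set[str] = {
    "f0d190d78b3ed7d83cc30224cd55bc158bdd5c40ec7b1f0108ee27afa1996ab1",
    "d5ca45ab8c9c9e6f932e9500836bd8cd725c4739dafe80a5d41e29389c3d69f3",
    "d4edb13aa499b39b74912a30c22a1cba6d00694dcb68fa542bdc3d9ab2b66f68",
    "b1b67754391f0598e86254ad8c3a5741b70472138c1fa1be439be788c682345e",
    "7b73596346a36f83b6b540bfc2b779fec228a050e6d7de631d0518b526b9b128",
    "73e945f14db13a00fe72b5c2a20233e3bb98816bb31d035e0776b92246f681bc",
    "70733e5f26a5b4d8c3d2bcc9a21cd015cee63dc0f93c819e7c401237f69967fe",
    "561bb05d2c67fe221646b5af653ef7d1e7e552e6745f980385bd344d8155df0f",
    "2b312c476ccf036b5339f023a732ddf1aef3f193f59b304ba8089872bae47540",
    "29e93b2eac97547386f435811ccf0531ad0df62fd5f021e7e5ea90b2f1f2d69a",
    "20b15104f0afc362126f43c0b8628bced3cdecec768bcde79e60ff094c108f8a",
    "2c6c4cd045537e2586eab73072d790af362e37e6d4112b1d01f15574491296b8",
    "5b1b7bd1fadfc3d2abcd8ea8f863fe96233e1dac8b994311c6a331179243b5cd",
}

# Domains from the Indicators section. Both are dynamic-DNS hostnames (duckdns.org,
# ddns.net), so the resolved IP can change at any time: match on the name, not the address.
IOC_DOMAINS: Set[str] = {
    "storeroot.duckdns.org",
    "anothonesevenfivesecsned.ddns.net",
}

# Hostname-like tokens in a log line (also matches dotted IPs, which domain_matches ignores).
HOST_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.I)


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large payloads do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def match_digests(digests: Iterable[str]) -> Set[str]:
    """Return the subset of digests that appear in the IOC list (case- and whitespace-insensitive)."""
    return {d.strip().lower() for d in digests} & IOC_SHA256


def sweep_files(root: Path) -> List[Tuple[Path, str]]:
    """Hash every regular file under root and report those whose digest is an IOC."""
    hits = []
    for p in root.rglob("*"):
        if p.is_file():
            digest = sha256_of(p)
            if match_digests([digest]):
                hits.append((p, digest))
    return hits


def domain_matches(hostname: str) -> Optional[str]:
    """Return the IOC domain that hostname equals or is a subdomain of, else None.

    The suffix check is anchored on a dot, so storeroot.duckdns.org.example.com
    (an unrelated name that merely contains the IOC) does not match.
    """
    host = hostname.lower().rstrip(".")
    for ioc in IOC_DOMAINS:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def sweep_log_lines(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (line, matched IOC domain) for every log line that references an IOC hostname."""
    hits = []
    for line in lines:
        for token in HOST_RE.findall(line):
            ioc = domain_matches(token)
            if ioc:
                hits.append((line, ioc))
                break
    return hits


# Constructed DNS log lines for illustration; not telemetry from the original analysis.
SAMPLE_DNS_LOG = [
    "2024-11-07T21:58:02Z WS-042 query A storeroot.duckdns.org -> 203.0.113.5",
    "2024-11-07T21:58:09Z WS-042 query A update.microsoft.com -> 203.0.113.9",
    "2024-11-07T21:59:41Z WS-017 query A cdn.anothonesevenfivesecsned.ddns.net -> 198.51.100.7",
    "2024-11-07T22:00:00Z WS-017 query A storeroot.duckdns.org.example.com -> 192.0.2.1",
]

if __name__ == "__main__":
    for line, ioc in sweep_log_lines(SAMPLE_DNS_LOG):
        print(f"DNS hit [{ioc}]: {line}")
    if len(sys.argv) > 1:  # optional: directory to hash-sweep, e.g. a collected Downloads folder
        for path, digest in sweep_files(Path(sys.argv[1])):
            print(f"HASH hit [{digest}]: {path}")
```

Run it with no arguments to see the two DNS hits from the constructed log (the fourth line is deliberately a look-alike that must not match), or pass a directory to hash every file beneath it. In practice the same two functions would be fed from your DNS resolver or proxy logs and from files collected off a suspect host.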

Attack Patterns

AsyncRAT

T1053.005 (Scheduled Task/Job: Scheduled Task)

T1059.005 (Command and Scripting Interpreter: Visual Basic)

T1059.003 (Command and Scripting Interpreter: Windows Command Shell)

T1059.001 (Command and Scripting Interpreter: PowerShell)

T1571 (Non-Standard Port)

T1204.002 (User Execution: Malicious File)

T1047 (Windows Management Instrumentation)

T1055 (Process Injection)

T1140 (Deobfuscate/Decode Files or Information)

T1027 (Obfuscated Files or Information)