Analysis of AsyncRAT's Infection Tactics via Open Directories
Nov. 7, 2024, 10:01 p.m.
Description
This analysis explores two distinct methods used to infect systems with AsyncRAT through open directories. The first technique is a multi-stage process that uses several obfuscated scripts (VBS, BAT, PowerShell) and disguised files to download and execute the AsyncRAT payload. The second method is a simpler two-stage approach: a VBS script and a disguised PowerShell script create the required files and register a scheduled task so the infection persists across reboots. Both techniques show how readily attackers repurpose publicly accessible files to spread AsyncRAT, a Remote Access Trojan designed for system infiltration and remote control.
Date
- Created: Nov. 7, 2024, 5:32 p.m.
- Published: Nov. 7, 2024, 5:32 p.m.
- Modified: Nov. 7, 2024, 10:01 p.m.
Indicators
SHA-256 file hashes:
- f0d190d78b3ed7d83cc30224cd55bc158bdd5c40ec7b1f0108ee27afa1996ab1
- d5ca45ab8c9c9e6f932e9500836bd8cd725c4739dafe80a5d41e29389c3d69f3
- d4edb13aa499b39b74912a30c22a1cba6d00694dcb68fa542bdc3d9ab2b66f68
- b1b67754391f0598e86254ad8c3a5741b70472138c1fa1be439be788c682345e
- 7b73596346a36f83b6b540bfc2b779fec228a050e6d7de631d0518b526b9b128
- 73e945f14db13a00fe72b5c2a20233e3bb98816bb31d035e0776b92246f681bc
- 70733e5f26a5b4d8c3d2bcc9a21cd015cee63dc0f93c819e7c401237f69967fe
- 561bb05d2c67fe221646b5af653ef7d1e7e552e6745f980385bd344d8155df0f
- 2b312c476ccf036b5339f023a732ddf1aef3f193f59b304ba8089872bae47540
- 29e93b2eac97547386f435811ccf0531ad0df62fd5f021e7e5ea90b2f1f2d69a
- 20b15104f0afc362126f43c0b8628bced3cdecec768bcde79e60ff094c108f8a
- 2c6c4cd045537e2586eab73072d790af362e37e6d4112b1d01f15574491296b8
- 5b1b7bd1fadfc3d2abcd8ea8f863fe96233e1dac8b994311c6a331179243b5cd
Domains:
- storeroot.duckdns.org
- anothonesevenfivesecsned.ddns.net
Attack Patterns
- AsyncRAT
- T1053.005 (Scheduled Task/Job: Scheduled Task)
- T1059.005 (Command and Scripting Interpreter: Visual Basic)
- T1059.003 (Command and Scripting Interpreter: Windows Command Shell)
- T1059.001 (Command and Scripting Interpreter: PowerShell)
- T1571 (Non-Standard Port)
- T1204.002 (User Execution: Malicious File)
- T1047 (Windows Management Instrumentation)
- T1055 (Process Injection)
- T1140 (Deobfuscate/Decode Files or Information)
- T1027 (Obfuscated Files or Information)