Tracking the Surge in Non-PE Cyber Threats
May 9, 2024, 3:23 p.m.
Description
This intelligence report details a sophisticated infection chain that culminates in the deployment of AsyncRAT, malware designed to breach computer systems and steal confidential data. The analysis traces the sequence, which begins with a spam email containing a malicious HTML attachment that triggers the download of various file types, including Windows Script Files, Visual Basic Scripts, and PowerShell scripts. These files work together to bypass security mechanisms, establish persistence, and ultimately inject the AsyncRAT payload into the aspnet_compiler.exe process.
Date
Published: May 9, 2024, 3:04 p.m.
Created: May 9, 2024, 3:04 p.m.
Modified: May 9, 2024, 3:23 p.m.
Indicators
Attack Patterns
AsyncRAT
T1574.010
T1578
T1107
T1569.002
T1076
T1197
T1574.002
T1059.005
T1059.001
T1059.007
T1497
T1562.001
T1574.001
T1573
T1071
T1219
T1027
T1112