Tracking the Surge in Non-PE Cyber Threats

May 9, 2024, 3:23 p.m.

Description

This intelligence report details a sophisticated infection chain that culminates in the deployment of AsyncRAT, potent malware designed to breach computer systems and steal confidential data. The analysis traces the sequence from its start: a spam email carrying a malicious HTML attachment that triggers the download of several file types, including Windows Script Files, Visual Basic Scripts, and PowerShell scripts. These files work in tandem to bypass security mechanisms, establish persistence, and ultimately inject the AsyncRAT payload into the aspnet_compiler.exe process.

Date

Published: May 9, 2024, 3:04 p.m.
Created: May 9, 2024, 3:04 p.m.
Modified: May 9, 2024, 3:23 p.m.

Indicators


Attack Patterns

AsyncRAT

T1574.010

T1578

T1107

T1569.002

T1076

T1197

T1574.002

T1059.005

T1059.001

T1059.007

T1497

T1562.001

T1574.001

T1573

T1071

T1219

T1027

T1112