Resubmissions
23-09-2023 06:20
230923-g3294afc74 622-09-2023 09:24
230922-ldawrshb83 1021-09-2023 15:40
230921-s4gwbsha8z 419-09-2023 16:03
230919-thpvgscc79 119-09-2023 13:37
230919-qw5w3shc6s 1019-09-2023 13:25
230919-qn8yrsbc63 1013-09-2023 11:47
230913-nx8m9aeb62 412-09-2023 19:11
230912-xv98qshf86 1012-09-2023 19:03
230912-xqr7cshf46 1012-09-2023 11:47
230912-nybd5sca41 1General
-
Target
https://google.com
-
Sample
230909-rkhg3sbg35
Malware Config
Extracted
asyncrat
1.0.7
def
37.18.62.18:8060
era2312swe12-1213rsgdkms23
-
delay
1
-
install
true
-
install_file
CCXProcess.exe
-
install_folder
%Temp%
Extracted
toxiceye
https://api.telegram.org/bot5687152406:AAFin_LYFhJGLydMgYheeUDec-2orew51aM/sendMessage?chat_id=2024893777
Targets
-
-
Target
https://google.com
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
ToxicEye
ToxicEye is a trojan written in C#.
-
Async RAT payload
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1