Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://sell-product...

windows10-2004-x64

10

https://sell-product...

windows11-21h2-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://sell-production.7bca50a0c064d476bbd1b6bdb43135ad.r2.cloudflarestorage.com/store/39750/listings/deliverables/TPSPoxR1tjvrw3nqDARFwixDWzQkPxHBxmBosA17.zip?response-content-disposition=attachment%3B%20filename%20%3D%22TPSPoxR1tjvrw3nqDARFwixDWzQkPxHBxmBosA17.zip%22&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=968c8ef1669cf97adff907d50b2038b0%2F20240425%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20240425T182141Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Signature=912be15948c46a7ebbabffd74ae51fb92ebf673839a5f6d85b31ac54929b50ae

  • Sample

    240425-w4psqade42

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

Attributes
  • delay

    1

  • install

    true

  • install_file

    svchost.exe

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/z5PQ82wE

aes.plain

Targets

    • Target

      https://sell-production.7bca50a0c064d476bbd1b6bdb43135ad.r2.cloudflarestorage.com/store/39750/listings/deliverables/TPSPoxR1tjvrw3nqDARFwixDWzQkPxHBxmBosA17.zip?response-content-disposition=attachment%3B%20filename%20%3D%22TPSPoxR1tjvrw3nqDARFwixDWzQkPxHBxmBosA17.zip%22&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=968c8ef1669cf97adff907d50b2038b0%2F20240425%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20240425T182141Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Signature=912be15948c46a7ebbabffd74ae51fb92ebf673839a5f6d85b31ac54929b50ae

    Score
    10/10
    asyncratdefaultrat

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Async RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks