Resubmissions
09-09-2024 19:47
240909-yhlkaawgqp 316-08-2024 15:24
240816-stchvswbkk 319-07-2024 09:10
240719-k46wfswhja 119-07-2024 09:10
240719-k41z7stalq 109-07-2024 04:19
240709-exzwnswbnr 808-07-2024 07:13
240708-h2an5azgkg 607-07-2024 10:00
240707-l1l8ba1gqb 1007-07-2024 09:59
240707-l1e41a1gpc 106-07-2024 07:41
240706-jjdhqstcpg 406-07-2024 06:14
240706-gzq3na1blh 1General
-
Target
https://github.com
-
Sample
240627-wjpbfssgkc
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com
Resource
win10-20240404-en
Malware Config
Extracted
asyncrat
0.5.8
T
20.199.8.16:1726
31FGTEWnaxDE
-
delay
3
-
install
false
-
install_file
SeacrhIndexer
-
install_folder
%AppData%
Extracted
asyncrat
0.5.8
Y
20.199.8.16:1726
eYLuHMmPZK7A
-
delay
3
-
install
false
-
install_file
SeacrhIndexer
-
install_folder
%AppData%
Targets
-
-
Target
https://github.com
-
Downloads MZ/PE file
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify Tools
1Modify Registry
4Subvert Trust Controls
1Install Root Certificate
1