General
-
Target
http://google.com
-
Sample
240628-svv2lavhja
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://google.com
Resource
win11-20240611-en
Malware Config
Extracted
asyncrat
0.5.8
T
20.199.8.16:1726
31FGTEWnaxDE
-
delay
3
-
install
false
-
install_file
SeacrhIndexer
-
install_folder
%AppData%
Extracted
asyncrat
0.5.8
Y
20.199.8.16:1726
eYLuHMmPZK7A
-
delay
3
-
install
false
-
install_file
SeacrhIndexer
-
install_folder
%AppData%
Targets
-
-
Target
http://google.com
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify Tools
1Modify Registry
4Subvert Trust Controls
1Install Root Certificate
1