Advanced CyberChef Tips: AsyncRAT Loader | Huntress
ATT&CK techniques detected
T1059.001 PowerShell
98%
“and completeness, we manually replaced the last decoded values, leaving this as the final state of the script. Before and after pics: here you can see a full before and after of our CyberChef decoding. Here you can see a full before / after, with the string concatenations and assi…”
T1027.010 Command Obfuscation
96%
“but it results in a slightly cleaner output) Obfuscation 4: String concatenation. We then had one final obfuscation remaining. It is arguably the simplest so far and ironically the only one that could not be resolved via CyberChef. Throughout the code are concatenated strings th…”
T1059.005 Visual Basic
93%
“Advanced CyberChef Tips: AsyncRAT Loader | Huntress. The Huntress SOC team encountered and investigated an infection involving a malicious malware loader on a Huntress-protected host. This investigation was initiated via persistence monitoring, which triggered on a suspicious V…”
T1059.005 Visual Basic
58%
“.vbs is text-based, we transferred the file into an analysis virtual machine and opened it using a text editor. Upon realizing the script was obfuscated, we transferred the contents into CyberChef. Analysing the file: the obfuscated contents of the script can be seen below. The…”
Summary
Need some CyberChef tips? You've come to the right blog.