Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response