.. /.A3x

Executable
Script

Contributors:

Gabriel Mathenge - @_theVIVI

Description:

An .a3x file is an AutoIt v3 compiled script. It can be used with the standalone, digitally signed AutoIt binary (AutoIt3.exe or AutoIt3_x64.exe) to execute malicious code in the context of a signed/trusted process.

OS:

Windows

Recommendation:

Monitor and disallow .a3x files. Monitoring for the unexpected presence and execution of the AutoIt3.exe binary might also be useful.
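
One way to act on this recommendation over process-creation telemetry, as an added example that is not part of the original entry: it flags the AutoIt interpreter running from an unexpected directory and any command line that references an .a3x file, including when the launching image has a different name. The event field names follow Sysmon Event ID 1; the allowed install directory, the reason labels and the sample events are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Interpreter file names as given in the entry's description.
AUTOIT_IMAGES = {"autoit3.exe", "autoit3_x64.exe"}
# Assumption: the only directory where a sanctioned AutoIt install may live.
ALLOWED_DIRS = {r"c:\program files (x86)\autoit3"}
# ".a3x" ending a command-line token (followed by quote, whitespace or end).
A3X_ARG = re.compile(r'\.a3x(?=["\s]|$)', re.IGNORECASE)

def classify(event):
    """Return the reasons a process-creation event deserves review."""
    image = PureWindowsPath(event["Image"])
    is_autoit = image.name.lower() in AUTOIT_IMAGES
    reasons = []
    if is_autoit and str(image.parent).lower() not in ALLOWED_DIRS:
        reasons.append("autoit-outside-allowed-dir")
    if A3X_ARG.search(event["CommandLine"]):
        # Catches the .a3x path even when the launching image is not named AutoIt3*.exe.
        reasons.append("a3x-argument" if is_autoit else "a3x-argument-unexpected-image")
    return reasons

def scan(events):
    """Map event index -> reasons, for events with at least one reason."""
    return {i: r for i, e in enumerate(events) if (r := classify(e))}

# Constructed sample events (not real telemetry), Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\Public\AutoIt3.exe",
     "CommandLine": r'"C:\Users\Public\AutoIt3.exe" C:\Users\Public\update.a3x'},
    {"Image": r"C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe",
     "CommandLine": r'"C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe" "D:\tools\inventory.au3"'},
    {"Image": r"C:\ProgramData\helper.exe",
     "CommandLine": r'C:\ProgramData\helper.exe "C:\ProgramData\cfg.A3X" /quiet'},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\notes\a3x.txt"},
]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLE_EVENTS).items():
        print(index, SAMPLE_EVENTS[index]["Image"], reasons)
```
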

Resources:

https://twitter.com/_theVIVI/status/1463397785336795136
https://thevivi.net/blog/pentesting/2021-11-24-autoitmating-your-dotnet-tradecraft
https://github.com/V1V1/OffensiveAutoIt

File Samples:

https://www.virustotal.com/gui/file/efc6e6f7519621fce9780ffc794cc4bfbec7af28a8ef8706aed922d1bd3c758c?nocache=1