About AsyncRAT Malware
Known for its ability to grant remote access to threat actors, AsyncRAT has been one of the most pervasive Remote Access Trojans (RATs) since its launch in 2019. The malware has been observed stealing sensitive information from victims as well as delivering other malicious programs onto compromised systems.
Key Insights from the Analysis of AsyncRAT's Attacks via Open Directories
The AsyncRAT attacks presented in the report leverage open directories exposed to the internet to initiate the infection process. The attacks involve a series of obfuscated scripts and disguised files designed to evade detection and ensure the persistence of the malware on the infected system.
· Attacks start with malicious VBS and PowerShell scripts that are disguised as text and JPG files and hosted on open directories controlled by the threat actors. These scripts carry out the subsequent stages of the infection.
· To ensure persistence on the infected system, the attackers employ scheduled tasks that run every two minutes.
· The final stage of the attacks involves executing the main payload, which includes malicious DLL and EXE files (AsyncRAT). These files establish communication with the attacker's Command and Control (C2) server.
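The persistence detail above (a scheduled task that fires every two minutes and runs a script disguised as a .txt or .jpg file) is something a defender can hunt for directly. The following Python script is an added example, not code from the ANY.RUN report and not one of its IOCs: it parses the XML that Task Scheduler keeps per task (the files under C:\Windows\System32\Tasks, or the output of `schtasks /Query /TN <name> /XML`) and flags tasks that repeat on a short interval, launch a script interpreter, or hand that interpreter a file with a non-script extension. The sample task XML is constructed for the example, and the interpreter list, extension list and five-minute threshold are assumptions to tune for your environment.

```python
"""Hunt Task Scheduler XML for short-interval tasks that launch script hosts.

Added example for the scheduled-task persistence pattern described above.
Input is the per-task XML that Task Scheduler stores (C:\\Windows\\System32\\Tasks\\*)
or exports via `schtasks /Query /TN <name> /XML`. Lists and thresholds are assumptions.
"""
import re
import sys
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Interpreters commonly used to run script-based loaders (assumed list; tune it).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe", "mshta.exe"}
# Extensions that are not scripts; a script host being handed one of these is a disguise tell.
DISGUISE_EXT = (".txt", ".jpg", ".jpeg", ".png", ".gif", ".pdf", ".log")


def parse_iso_duration(value):
    """Convert a Task Scheduler duration such as PT2M, PT1H30M or P1D to seconds."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", value.strip())
    if not m or not any(m.groups()):
        raise ValueError(f"unrecognised duration: {value!r}")
    days, hours, minutes, seconds = (int(x) if x else 0 for x in m.groups())
    return days * 86400 + hours * 3600 + minutes * 60 + seconds


def _basename(command):
    # Strip quotes and path so '"C:\Windows\System32\wscript.exe"' becomes 'wscript.exe'.
    return command.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_task(xml_text, max_interval_seconds=300):
    """Return a dict describing why a task looks like script-based persistence."""
    root = ET.fromstring(xml_text)
    # Repetition/Interval can sit under any trigger type (TimeTrigger, CalendarTrigger, ...).
    intervals = [
        parse_iso_duration(node.text or "")
        for node in root.findall(".//t:Triggers/*/t:Repetition/t:Interval", NS)
    ]
    result = {
        "min_interval": min(intervals) if intervals else None,
        "script_host": [],
        "disguised_arg": False,
    }
    for action in root.findall(".//t:Actions/t:Exec", NS):
        exe = _basename(action.findtext("t:Command", default="", namespaces=NS))
        args = action.findtext("t:Arguments", default="", namespaces=NS)
        if exe in SCRIPT_HOSTS:
            result["script_host"].append(exe)
            # Any argument token ending in a non-script extension is the disguise tell.
            for token in args.split():
                if token.strip('"\'').lower().endswith(DISGUISE_EXT):
                    result["disguised_arg"] = True
    short = result["min_interval"] is not None and result["min_interval"] <= max_interval_seconds
    result["suspicious"] = bool(result["script_host"]) and (short or result["disguised_arg"])
    return result


# Constructed sample modelled on the pattern in the report; not a real IOC.
SAMPLE_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <TimeTrigger>
      <Repetition><Interval>PT2M</Interval></Repetition>
      <StartBoundary>2024-01-01T00:00:00</StartBoundary>
      <Enabled>true</Enabled>
    </TimeTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Windows\System32\wscript.exe</Command>
      <Arguments>//B "C:\Users\Public\photo.jpg"</Arguments>
    </Exec>
  </Actions>
</Task>"""

if __name__ == "__main__":
    # Pass exported task XML files as arguments; with none, triage the built-in sample.
    files = sys.argv[1:]
    if not files:
        print("sample:", triage_task(SAMPLE_TASK_XML))
    for path in files:
        # Read as bytes so the UTF-16 declaration that real exports carry is honoured.
        with open(path, "rb") as fh:
            print(path, triage_task(fh.read()))
```

Run it over a directory of exported task XML files and review anything reported as suspicious; a short repetition interval on its own is common for legitimate software, which is why the verdict also requires a script host or a disguised argument.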
The report also provides security professionals with actionable IOCs to safeguard their environments against AsyncRAT. The full analysis is available on ANY.RUN’s blog.
About ANY.RUN
ANY.RUN serves over 500,000 cybersecurity professionals globally, offering an interactive platform for malware analysis targeting Windows and Linux environments. With advanced threat intelligence tools such as TI Lookup, YARA Search, and Feeds, ANY.RUN enhances incident response and provides analysts with essential data to counter cyber threats effectively.
The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050