
ANY.RUN Shares Analysis of AsyncRAT's Infection Tactics via Open Directories

DUBAI, DUBAI, UNITED ARAB EMIRATES, November 7, 2024 /EINPresswire.com/ -- ANY.RUN, a leader in interactive malware analysis and threat intelligence, has released a technical analysis of new techniques used in multi-stage attacks involving AsyncRAT. The report details how attackers exploit open directories to distribute AsyncRAT, examines the infection mechanisms, and offers indicators of compromise (IOCs) for identifying and mitigating this persistent threat.

๐€๐›๐จ๐ฎ๐ญ ๐€๐ฌ๐ฒ๐ง๐œ๐‘๐€๐“ ๐Œ๐š๐ฅ๐ฐ๐š๐ซ๐ž

Known for its ability to grant remote access to threat actors, AsyncRAT has been one of the most pervasive Remote Access Trojans (RATs) since its launch in 2019. The malware has been observed stealing victims' sensitive information and delivering other malicious programs onto compromised systems.

๐Š๐ž๐ฒ ๐ˆ๐ง๐ฌ๐ข๐ ๐ก๐ญ๐ฌ ๐Ÿ๐ซ๐จ๐ฆ ๐ญ๐ก๐ž ๐€๐ง๐š๐ฅ๐ฒ๐ฌ๐ข๐ฌ ๐จ๐Ÿ ๐€๐ฌ๐ฒ๐ง๐œ๐‘๐€๐“โ€™๐ฌ ๐€๐ญ๐ญ๐š๐œ๐ค๐ฌ ๐ฏ๐ข๐š ๐Ž๐ฉ๐ž๐ง ๐ƒ๐ข๐ซ๐ž๐œ๐ญ๐จ๐ซ๐ข๐ž๐ฌ

The AsyncRAT attacks presented in the report leverage open directories exposed to the internet to initiate the infection process. The attacks involve a series of obfuscated scripts and disguised files designed to evade detection and ensure the persistence of the malware on the infected system.

· Attacks start with malicious VBS and PowerShell scripts that are disguised as text and JPG files and hosted on open directories controlled by threat actors. The scripts are then used to facilitate the infection process.

· To ensure persistence on the infected system, the attackers employ scheduled tasks that run every two minutes.

· The final stage of the attacks involves executing the main payload, which includes malicious DLL and EXE files (AsyncRAT). These files establish communication with the attacker's Command and Control (C2) server.

The report also provides security professionals with actionable IOCs to safeguard their environments against AsyncRAT. The full analysis is available on ANY.RUN's blog.

๐€๐›๐จ๐ฎ๐ญ ๐€๐๐˜.๐‘๐”๐

ANY.RUN serves over 500,000 cybersecurity professionals globally, offering an interactive platform for malware analysis targeting Windows and Linux environments. With advanced threat intelligence tools such as TI Lookup, YARA Search, and Feeds, ANY.RUN enhances incident response and provides analysts with essential data to counter cyber threats effectively.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050