ANY.RUN Shares Analysis of AsyncRAT’s Infection Tactics via Open Directories
DUBAI, DUBAI, UNITED ARAB EMIRATES, November 7, 2024 /EINPresswire.com/ — ANY.RUN, a leader in interactive malware analysis and threat intelligence, has released a technical analysis of new techniques used in multi-stage attacks involving AsyncRAT. The report details how attackers exploit open directories to distribute AsyncRAT, examines the infection mechanisms, and offers indicators of compromise (IOCs) for identifying and mitigating this persistent threat.
About AsyncRAT Malware
Known for its ability to grant remote access to threat actors, AsyncRAT has been one of the most pervasive Remote Access Trojans (RATs) since its launch in 2019. The malware has been observed stealing victims' sensitive information and delivering other malicious programs onto compromised systems.
Key Insights from the Analysis of AsyncRAT’s Attacks via Open Directories
The AsyncRAT attacks presented in the report leverage open directories exposed to the internet to initiate the infection process. The attacks involve a series of obfuscated scripts and disguised files designed to evade detection and ensure the persistence of the malware on the infected system.
· Attacks start with malicious VBS and PowerShell scripts that are disguised as text and JPG files and hosted on open directories controlled by threat actors. The scripts are then used to facilitate the infection process.
· To ensure persistence on the infected system, the attackers employ scheduled tasks that run every two minutes.
· The final stage of the attacks involves executing the main payload, which includes malicious DLL and EXE files (AsyncRAT). These files establish communication with the attacker’s Command and Control (C2) server.
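A defender can hunt for the persistence pattern described above by reviewing exported Task Scheduler definitions for script interpreters that repeat at very short intervals. The following is an added example, not code from the ANY.RUN report; the interpreter list, the 120-second threshold, and the sample task XML (including its file paths) are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumption: interpreters worth flagging; the report summary names only VBS and PowerShell.
SCRIPT_HOSTS = {"wscript", "cscript", "powershell", "pwsh"}
DURATION = re.compile(r"^PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?$")

def interval_seconds(text):
    """Convert a time-only ISO 8601 duration such as PT2M to seconds (None if unparsable)."""
    m = DURATION.match((text or "").strip())
    if not m or not any(m.groups()):
        return None
    h, mi, s = (int(g) if g else 0 for g in m.groups())
    return h * 3600 + mi * 60 + s

def suspicious_task(xml_text, max_interval=120):
    """Return [(interval_seconds, command_line)] when a script host repeats at <= max_interval."""
    root = ET.fromstring(xml_text)
    found = [interval_seconds(e.text)
             for e in root.findall("t:Triggers/*/t:Repetition/t:Interval", NS)]
    short = [i for i in found if i is not None and i <= max_interval]
    if not short:
        return []
    hits = []
    for ex in root.findall("t:Actions/t:Exec", NS):
        cmd = (ex.findtext("t:Command", "", NS) or "").strip().strip('"')
        args = (ex.findtext("t:Arguments", "", NS) or "").strip()
        exe = cmd.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if exe.endswith(".exe"):
            exe = exe[:-4]
        if exe in SCRIPT_HOSTS:
            hits.append((min(short), f"{cmd} {args}".strip()))
    return hits

# Constructed sample task definitions (not taken from the report).
TASK_NS = 'xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"'
CONSTRUCTED_BAD = f'''<Task version="1.2" {TASK_NS}>
  <Triggers><TimeTrigger><Repetition><Interval>PT2M</Interval></Repetition></TimeTrigger></Triggers>
  <Actions><Exec><Command>C:\\Windows\\System32\\wscript.exe</Command>
    <Arguments>"C:\\Users\\Public\\example.vbs"</Arguments></Exec></Actions>
</Task>'''
CONSTRUCTED_OK = f'''<Task version="1.2" {TASK_NS}>
  <Triggers><TimeTrigger><Repetition><Interval>PT1H</Interval></Repetition></TimeTrigger></Triggers>
  <Actions><Exec><Command>"C:\\Program Files\\Vendor\\updater.exe"</Command></Exec></Actions>
</Task>'''
```

The input format is the XML that Task Scheduler produces when a task is exported; a hit is a lead for review, since legitimate software can also schedule frequent script runs.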
The report also provides security professionals with actionable IOCs to safeguard their environments against AsyncRAT. The full analysis is available on ANY.RUN’s blog.
About ANY.RUN
ANY.RUN serves over 500,000 cybersecurity professionals globally, offering an interactive platform for malware analysis targeting Windows and Linux environments. With advanced threat intelligence tools such as TI Lookup, YARA Search, and Feeds, ANY.RUN enhances incident response and provides analysts with essential data to counter cyber threats effectively.
The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050