Distribution of AsyncRAT Disguised as Ebook
July 10, 2024, 9:29 a.m.
Description
This analysis covers the distribution of AsyncRAT malware disguised as an ebook. The compressed file contains a malicious LNK and PowerShell scripts that ultimately execute AsyncRAT. The malware employs various techniques, such as obfuscation, task scheduling, and anti-VM and anti-AV capabilities, to maintain persistence and exfiltrate user information while receiving commands from the threat actor. Particular caution is advised due to the potential for widespread distribution via phishing emails and file-sharing websites.
Date
Published: July 10, 2024, 9:22 a.m.
Created: July 10, 2024, 9:22 a.m.
Modified: July 10, 2024, 9:29 a.m.
Indicators
b8f1fe93386003e82a148e0efd52759bc3be7bc7088537f6d031faec54870fb3
a562909c5c9b7b8c20484cd0822e2c379d36a34432ef11306bf1e1f28762aeb6
https://worldofprocure.com/worldofprocure.rar
stevenhead.ddns.net
worldofprocure.com
Attack Patterns
AsyncRAT
T1064
T1059.005
T1059.001
T1548
T1059.007
T1497
T1070
T1057
T1083
T1569
T1036
T1027