Distribution of AsyncRAT Disguised as Ebook

July 10, 2024, 9:29 a.m.

Description

This analysis covers the distribution of AsyncRAT malware disguised as an ebook. The compressed file used for distribution contains a malicious LNK file and PowerShell scripts that ultimately execute AsyncRAT. The malware employs techniques such as obfuscation, task scheduling, and anti-VM and anti-AV capabilities to maintain persistence and exfiltrate user information while receiving commands from the threat actor. Particular caution is advised because the malware may be distributed widely via phishing emails and file-sharing websites.

Date

Published: July 10, 2024, 9:22 a.m.

Created: July 10, 2024, 9:22 a.m.

Modified: July 10, 2024, 9:29 a.m.

Indicators

b8f1fe93386003e82a148e0efd52759bc3be7bc7088537f6d031faec54870fb3

a562909c5c9b7b8c20484cd0822e2c379d36a34432ef11306bf1e1f28762aeb6

https://worldofprocure.com/worldofprocure.rar

Attack Patterns

AsyncRAT

T1064

T1059.005

T1059.001

T1548

T1059.007

T1497

T1070

T1057

T1083

T1569

T1036

T1027