Malicious Campaign Analysis: JScript RAT and CobaltStrike

June 7, 2024, 9:37 a.m.


This report examines a recent malicious campaign involving a JScript-based Remote Access Trojan (RAT) and its connections to the CobaltStrike penetration testing tool. The attack commences with an obfuscated JScript loader distributed through suspected phishing campaigns. Upon execution, it contacts a command and control (C&C) server to retrieve a second-stage loader. This loader employs WinHttpRequest and RC4 encryption to obtain the main RAT component, a JScript-based malware that maintains persistent communication with the C&C for receiving additional instructions. The report provides technical analysis of the malware components and speculates on potential connections to simulated attacks or threat actor testing based on observed IP ranges.


Published Created Modified
June 7, 2024, 8:59 a.m. June 7, 2024, 8:59 a.m. June 7, 2024, 9:37 a.m.


Attack Patterns