Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Malware by the (Bit)Bucket: Uncovering AsyncRAT

Oct. 11, 2024, 8:10 a.m.

Description

A sophisticated attack campaign using Bitbucket as a legitimate platform to deliver AsyncRAT has been uncovered. The multi-stage approach involves a VBScript obfuscation layer, followed by a PowerShell payload delivery mechanism, and culminates in the execution of AsyncRAT. The attackers exploit Bitbucket's legitimacy and accessibility to host malicious payloads. The campaign employs various evasion techniques, including anti-VM checks and obfuscation. Persistence is established through Registry Run Keys and Startup Folder shortcuts. AsyncRAT provides extensive control over infected machines, enabling remote desktop control, file management, keylogging, and more. The attack demonstrates a high level of sophistication in its use of legitimate platforms and multi-layered obfuscation techniques.

Date

Published: Oct. 10, 2024, 4:05 p.m.

Created: Oct. 10, 2024, 4:05 p.m.

Modified: Oct. 11, 2024, 8:10 a.m.

Attack Patterns

AsyncRAT

T1021.001

T1059.003

T1059.001

T1497

T1056.001

T1113

T1486

T1547

T1055

T1219

T1036

T1140

T1027

T1041

T1003