AsyncRAT

Malware updated 5 days ago (2024-09-02T20:17:49.473Z)
AsyncRAT is a form of malware, malicious software designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once installed, it can steal personal information, disrupt operations, or even hold data hostage for ransom.

In recent events, the SocGholish malware was used as a vehicle to spread AsyncRAT: after an executable loads http_dll.dll, the DLL unpacks in memory and then loads the AsyncRAT malware. Because the unpacking happens in memory, this strategy makes detection and removal of the malware particularly challenging. The latest version of AsyncRAT includes an infostealer plugin designed to exfiltrate data from popular web browsers such as Chrome and Firefox, as well as from cryptocurrency wallet extensions such as MetaMask and Coinbase; this functionality enables the malware to steal sensitive user data from these applications. The scripts created by the malware establish a scheduled task that executes the AsyncRAT payload repeatedly, further complicating its detection and removal.

On August 29, 2024, eSentire's Threat Response Unit (TRU) discovered an AsyncRAT infection that was delivered through a Windows Script File (.wsf) sent via email.

Reported tactics also include the use of publicly available Remote Access Trojans (RATs) such as njRAT and AsyncRAT, customized for espionage or financial theft. The group known as BlindEagle has been observed running operations using njRAT, LimeRAT, BitRAT, and AsyncRAT, among others, indicating a broad usage of RATs in cyber-espionage activities.
Description last updated: 2024-09-02T20:16:29.690Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
RAT
Payload
Remcos
Phishing
Trojan
Loader
Windows
Ransomware
Downloader
Exploit
Chrome
Crypter
Antivirus
GitHub
Source
Associated Malware
ID (Type, Votes): Profile Description
njRAT (Unspecified, 4 votes): NjRAT is a remote-access Trojan (RAT) that has been prevalent in both criminal and targeted attacks since as early as 2013. It is part of a suite of RATs used by attackers, including Remcos, AsyncRAT, Lime-RAT, Quasar RAT, BitRAT, among others. These malicious programs are typically customized for e
DarkComet (Unspecified, 2 votes): DarkComet is a Remote Access Trojan (RAT) that opens a backdoor on infected computers, allowing unauthorized access and data theft. This malware has been classified among the top five Command and Control (C2) families, indicating its widespread usage by cybercriminals. DarkComet, along with other es
TargetCompany (Unspecified, 2 votes): TargetCompany is a known malware entity, often referred to as Mallox, Tohnichi, or Fargo in various articles and blog posts. This malicious software is designed to infiltrate and damage computer systems, often without the user's knowledge. It can enter systems through suspicious downloads, emails, o
AgentTesla (Unspecified, 2 votes): AgentTesla is a well-known remote access trojan (RAT) that has been used extensively in cybercrime operations. It infiltrates systems through various methods, including malicious emails and suspicious downloads. Once inside, it can steal personal information, disrupt operations, or hold data hostage
XWorm (Unspecified, 2 votes): XWorm is a multifaceted malware that has been observed to exploit vulnerabilities in ScreenConnect, a remote access software. This malware provides threat actors with remote access capabilities and the potential to spread across networks, exfiltrate sensitive data, and download additional payloads.
NetWire (Unspecified, 2 votes): NetWire is a type of malware, specifically a remote access trojan (RAT), that has been utilized for various malicious activities since at least 2014. Initially promoted as a legitimate tool for managing Windows computers remotely, NetWire was quickly adopted by cybercriminals and used in phishing at
SocGholish (Unspecified, 2 votes): SocGholish is a malicious software (malware) that has been significantly prevalent in cyber threats over recent years. In 2022, it was observed being used in conjunction with the Parrot TDS to deliver the FakeUpdates downloader to unsuspecting visitors on compromised websites. By late 2022, Microsof
LockBit (Unspecified, 2 votes): LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc
FakeUpdates (Unspecified, 2 votes): FakeUpdates, also known as SocGholish, is a JavaScript-based loader malware that primarily targets Microsoft Windows environments. It first gained attention in 2022 when cybersecurity firms Sucuri and Avast noted its use in compromised websites, where it was delivered to unsuspecting visitors via th
Source Document References
Information about the AsyncRAT malware was read from the documents corpus below. This display is limited to 20 results.
Source, Created: Title
Contagio, 5 days ago: 2024-08-29 ASYNCRAT Samples
Checkpoint, 12 days ago: 26th August – Threat Intelligence Report - Check Point Research
Securelist, 20 days ago: An overview of the BlindEagle APT’s activity in Latin America
Securityaffairs, a month ago: SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Fortinet, a month ago: PureHVNC Deployed via Python Multi-stage Loader | FortiGuard Labs
Securityaffairs, a month ago: security-affairs-malware-newsletter-round-5
Securityaffairs, 2 months ago: SocGholish malware used to spread AsyncRAT malware
Recorded Future, 2 months ago: 2023 Adversary Infrastructure Report | Recorded Future
Checkpoint, 3 months ago: Inside the Box: Malware’s New Playground - Check Point Research
DARKReading, 4 months ago: HP Catches Cybercriminals 'Cat-Phishing' Users
Pulsedive, 5 months ago: Pulsedive Blog | CyberChef 101 Tool Guide
Malware-traffic-analysis.net, 6 months ago: Malware-Traffic-Analysis.net - 2024-03-14: AsyncRAT and XWorm infection
CERT-EU, 6 months ago: New Vcurms Malware Targets Popular Browsers for Data Theft
CERT-EU, 6 months ago: Tax Season Phishing Surge: Cyber Exploits with AsyncRAT
BankInfoSecurity, 8 months ago: Breach Roundup: FTC Bans Data Broker From Sharing Locations
InfoSecurity-magazine, 8 months ago: Malware Takedowns Show Progress, But Fight Against Cybercrime Not Over
Recorded Future, 8 months ago: 2023 Adversary Infrastructure Report | Recorded Future
CERT-EU, 8 months ago: Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer
CERT-EU, 8 months ago: US critical infrastructure, others subjected to prolonged AsyncRAT malware attacks
CERT-EU, 8 months ago: AsyncRAT loader: Obfuscation, DGAs, decoys and Govno