AsyncRAT

Malware updated a month ago (2024-11-29T13:59:28.909Z)
AsyncRAT is a malicious software (malware) that infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. It has recently risen to prominence, ranking 10th on the most prevalent malware list. In one campaign it was spread by another malware, SocGholish: after an executable is loaded, AsyncRAT unpacks in memory. Distribution was facilitated by a script that threat actors likely developed with artificial intelligence (AI); the script modifies the Registry, drops a JavaScript file that is executed as a scheduled task, and creates a PowerShell script that triggers the AsyncRAT payload. Upon decryption, the malicious attachment imitates a website but contains VBScript that acts as a dropper for the AsyncRAT infostealer. This campaign, discovered by researchers from HP Wolf Security, used both VBScript and JavaScript code to distribute AsyncRAT, and the evidence found by the HP researchers indicates that both were generated by generative AI services: the structure of the scripts, the comments explaining each line of code, and the choice of native-language function and variable names strongly indicate that GenAI was used to create the malware. This version of AsyncRAT also included an infostealer plugin designed to exfiltrate data from popular web browsers such as Chrome and Firefox, as well as from cryptocurrency wallet extensions such as MetaMask and Coinbase.
Description last updated: 2024-10-14T17:15:35.214Z
Aliases: none currently tracked
Miscellaneous Associations
Other elements of context that could help assess relevance:
Malware
Payload
Rat
Remcos
Loader
Trojan
Phishing
Source
Windows
Hp
Infostealer
Exploit
JavaScript
Downloader
PowerShell
Crypter
Antivirus
Github
Chrome
Scheduled Task
Ransomware
Analyst Notes & Discussion
Associated Malware
Alias | Description | Association Type | Votes
njRAT | The njRAT Malware is associated with AsyncRAT. NjRAT is a remote-access Trojan (RAT) that has been in use since 2013, often deployed in both criminal and targeted attacks. This malware can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, NjRAT can steal personal information, d… | Unspecified | 4
Lockbit | The Lockbit Malware is associated with AsyncRAT. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers or… | Unspecified | 2
Agenttesla | The Agenttesla Malware is associated with AsyncRAT. AgentTesla is a well-known Remote Access Trojan (RAT) and infostealer malware that has been used in numerous cyber-attacks. It is often delivered through malicious emails or downloads, and once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for rans… | Unspecified | 2
Xworm | The Xworm Malware is associated with AsyncRAT. XWorm is a sophisticated piece of malware designed to infiltrate and exploit computer systems, often without the user's knowledge. It can be delivered through various means such as suspicious downloads, emails, or websites, and once inside a system, it can steal personal information, disrupt operati… | Unspecified | 2
NETWIRE | The NETWIRE Malware is associated with AsyncRAT. NetWire is a type of malware, specifically a remote access trojan (RAT), that has been utilized for various malicious activities since at least 2014. Initially promoted as a legitimate tool for managing Windows computers remotely, NetWire was quickly adopted by cybercriminals and used in phishing at… | Unspecified | 2
Fakeupdates | The Fakeupdates Malware is associated with AsyncRAT. FakeUpdates, a malicious software (malware), has become increasingly prevalent in recent years. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user, and can disrupt operations, steal personal information, or hold data hostage for ransom. In 2022, a… | Unspecified | 2
Socgholish | The Socgholish Malware is associated with AsyncRAT. SocGholish is a malicious software (malware) that has been significantly prevalent in cyber threats over recent years. In 2022, it was observed being used in conjunction with the Parrot TDS to deliver the FakeUpdates downloader to unsuspecting visitors on compromised websites. By late 2022, Microsof… | Unspecified | 2
DarkComet | The DarkComet Malware is associated with AsyncRAT. DarkComet is a Remote Access Trojan (RAT) that opens a backdoor on infected computers, allowing unauthorized access and data theft. This malware has been classified among the top five Command and Control (C2) families, indicating its widespread usage by cybercriminals. DarkComet, along with other es… | Unspecified | 2
Targetcompany | The Targetcompany Malware is associated with AsyncRAT. TargetCompany is a known malware entity, often referred to as Mallox, Tohnichi, or Fargo in various articles and blog posts. This malicious software is designed to infiltrate and damage computer systems, often without the user's knowledge. It can enter systems through suspicious downloads, emails, o… | Unspecified | 2
Source Document References
Information about the AsyncRAT Malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At
Securelist | 25 days ago
Checkpoint | 2 months ago
DARKReading | 3 months ago
Securityaffairs | 3 months ago
InfoSecurity-magazine | 3 months ago
Contagio | 4 months ago
Checkpoint | 4 months ago
Securelist | 4 months ago
Securityaffairs | 4 months ago
Fortinet | 5 months ago
Securityaffairs | 5 months ago
Securityaffairs | 5 months ago
Recorded Future | 6 months ago
Checkpoint | 7 months ago
DARKReading | 7 months ago
Pulsedive | 9 months ago
Malware-traffic-analysis.net | 9 months ago
CERT-EU | 9 months ago
CERT-EU | 10 months ago
BankInfoSecurity | a year ago