AsyncRAT

Malware Profile Updated 8 days ago
AsyncRAT is malware that infiltrates computer systems, often without the user's knowledge. It typically enters a system through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. In the observed infection chain, the executable loads http_dll.dll; this DLL unpacks in memory and loads the AsyncRAT payload, which then begins its malicious activity. AsyncRAT is considered particularly dangerous because of its stealthy infiltration methods and its potential to cause significant damage. The discovery of AsyncRAT was made possible by hunting for DLL side-loading alerts in Cortex XDR Analysis. A phishing campaign, primarily targeting victims in Colombia and Argentina, was identified delivering AsyncRAT. Threat actors have also hidden the malware inside HTML files posing as delivery invoices; opening such a file in a web browser triggers a chain of events that deploys AsyncRAT onto the unsuspecting victim's computer. AsyncRAT has likewise been delivered to key US infrastructure through GIFs and SVGs, demonstrating its versatility and the wide range of tactics employed by its distributors. One hacking campaign using AsyncRAT persisted for 11 months, deploying hundreds of unique loader samples across more than 100 domains. AsyncRAT activity was especially noticeable during tax season, with cyber threats themed around 'tax attacks'. In a report ranking the most used remote access Trojans (RATs), AsyncRAT was listed in the top five alongside Quasar RAT, PlugX, ShadowPad, and DarkComet. These findings underscore the prevalence and potential danger posed by AsyncRAT, highlighting the need for robust cybersecurity measures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Remcos
Loader
Rat
Payload
Trojan
Phishing
Crypter
Antivirus
Github
Ransomware
Windows
Exploit
Associated Malware
ID | Type | Votes | Profile Description
Agenttesla | Unspecified | 2 | AgentTesla is a well-known Remote Access Trojan (RAT) that has been utilized in numerous cybercrime activities. It is often delivered through malicious emails or suspicious downloads, and once inside the system, it can steal personal information, disrupt operations, or even hold data for ransom. The
Xworm | Unspecified | 2 | XWorm is a multifaceted malware that has been used by threat actors to exploit vulnerabilities in systems, particularly those running ScreenConnect client software. It provides remote access capabilities, allowing threat actors to infiltrate networks, exfiltrate sensitive data, and download addition
NETWIRE | Unspecified | 2 | NetWire is a type of malware, specifically a remote access trojan (RAT), that has been utilized for various malicious activities since at least 2014. Initially promoted as a legitimate tool for managing Windows computers remotely, NetWire was quickly adopted by cybercriminals and used in phishing at
DarkComet | Unspecified | 2 | DarkComet is a type of malware, specifically a Remote Access Trojan (RAT), that opens a backdoor on an infected computer to steal information. It is part of a larger family of RATs which includes other malicious software such as PlugX, ShadowPad, and AsyncRAT. DarkComet, along with these other RATs,
njRAT | Unspecified | 2 | NjRAT is a malicious software, or malware, that has been used in both criminal and targeted attacks since 2013. This remote-access Trojan (RAT) is capable of identifying remote hosts on connected networks (T1018) and detecting if the victim system has a camera during the initial infection (T1120). I
Targetcompany | Unspecified | 2 | TargetCompany, also known as Mallox, FARGO, Tohnichi, and Xollam, is a ransomware strain that has been exploiting Microsoft Windows systems. This malicious software has been specifically targeting unsecured Microsoft SQL Servers to infiltrate victims' systems and distribute the ransomware. The group
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the AsyncRAT malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
Fortinet | a year ago | Microsoft OneNote File Being Leveraged by Phishing Campaigns to Spread Malware | FortiGuard Labs
Trend Micro | 6 months ago | Analyzing AsyncRAT's Code Injection into Aspnet_Compiler.exe Across Multiple Incident Response Cases
MITRE | 6 months ago | TA2541: Threats to Aviation, Aerospace, & Travel | Proofpoint US
CERT-EU | 5 months ago | AsyncRAT loader: Obfuscation, DGAs, decoys and Govno
Unit42 | 3 months ago | Intruders in the Library: Exploring DLL Hijacking
Checkpoint | a year ago | DotRunpeX - demystifying new virtualized .NET injector used in the wild - Check Point Research
CERT-EU | 3 months ago | Tax Season Phishing Surge: Cyber Exploits with AsyncRAT
CERT-EU | a year ago | OnlyDcRatFans: Malware Distributed Using Explicit Lures of OnlyFans…
Malware-traffic-analysis.net | 2 months ago | Malware-Traffic-Analysis.net - 2024-03-14: AsyncRAT and XWorm infection
CERT-EU | 5 months ago | Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months
CERT-EU | 5 months ago | AsyncRAT Infiltrates Key US Infrastructure Through GIFs and SVGs
CERT-EU | 5 months ago | AsyncRAT Malware Attacking the US Infrastructure for 11 Months
CERT-EU | 6 months ago | Hackers Deliver AsyncRAT Through Weaponized WSF Script Files
MITRE | 6 months ago | Operation Layover: How we tracked an attack on the aviation industry to five years of compromise
Quick Heal Technologies Ltd. | a year ago | AsyncRAT Analysis with ChatGPT
Trend Micro | 10 months ago | TargetCompany Ransomware Abuses FUD Obfuscator Packers
CERT-EU | 5 months ago | This Malware is Assaulting Critical US Infrastructure for Almost a Year
CERT-EU | 6 months ago | Analyzing AsyncRAT's code injection into aspnet_compiler.exe across multiple incident response cases - Cyber Security Review
MITRE | a year ago | Operation Spalax: Targeted malware attacks in Colombia | WeLiveSecurity
Malwarebytes | 3 months ago | Stopping a targeted attack on a Managed Service Provider (MSP) with ThreatDown MDR | Malwarebytes