AsyncRAT

Malware updated 3 months ago (2024-11-29T13:59:28.909Z)
AsyncRAT is malicious software (malware) that infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. It has recently risen to prominence, ranking 10th on the most prevalent malware list.

In one campaign, AsyncRAT was delivered by another malware, SocGholish; after the loader executable runs, AsyncRAT unpacks in memory. Its distribution was facilitated by a script developed using artificial intelligence (AI). Threat actors likely used AI to write this script, which modifies the Registry, drops a JavaScript file that is executed as a scheduled task, and creates a PowerShell script that triggers the AsyncRAT payload.

In a related campaign discovered by researchers from HP Wolf Security, an email attachment, once decrypted, imitates a website but contains VBScript that acts as a dropper for the AsyncRAT infostealer. The campaign used both VBScript and JavaScript code to distribute AsyncRAT, and the evidence found by HP researchers indicates that this code was produced with generative AI services: the structure of the scripts, the comments explaining each line of code, and the choice of native-language function and variable names all strongly point to GenAI-generated malware. This version of AsyncRAT also carried an infostealer plugin designed to exfiltrate data from popular web browsers such as Chrome and Firefox, as well as from cryptocurrency wallet extensions such as MetaMask and Coinbase.
Description last updated: 2024-10-14T17:15:35.214Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
Dcrat (votes: 2)
Dcrat is a possible alias for AsyncRAT. DcRAT is a malicious software (malware) known as a Remote Access Trojan (RAT), which has been utilized in a widespread campaign to exploit computer systems. The malware infiltrates systems through deceptive methods, including downloads from fake Google Meet and OnlyFans sites. When a user interacts
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
RAT
Payload
Remcos
Phishing
Loader
Trojan
Source
Windows
Infostealer
HP
JavaScript
PowerShell
Crypter
Antivirus
GitHub
Scheduled Task
Chrome
Implant
Downloader
Ransomware
Exploit
Associated Malware
njRAT (association type: Unspecified; votes: 4)
The njRAT Malware is associated with AsyncRAT. NjRAT is a remote-access Trojan (RAT) that has been in use since 2013, often deployed in both criminal and targeted attacks. This malware can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, NjRAT can steal personal information, d

SocGholish (association type: Unspecified; votes: 2)
The Socgholish Malware is associated with AsyncRAT. SocGholish is a malicious software (malware) that has been significantly prevalent in cyber threats over recent years. In 2022, it was observed being used in conjunction with the Parrot TDS to deliver the FakeUpdates downloader to unsuspecting visitors on compromised websites. By late 2022, Microsof

Quasar RAT (association type: Unspecified; votes: 2)
The Quasar Rat Malware is associated with AsyncRAT. Quasar RAT is a type of malware, or malicious software, that is designed to exploit and damage computer systems. It can infiltrate systems through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, d

LockBit (association type: Unspecified; votes: 2)
The Lockbit Malware is associated with AsyncRAT. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers or

FakeUpdates (association type: Unspecified; votes: 2)
The Fakeupdates Malware is associated with AsyncRAT. FakeUpdates, a malicious software (malware), has become increasingly prevalent in recent years. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user, and can disrupt operations, steal personal information, or hold data hostage for ransom. In 2022, a

DarkComet (association type: Unspecified; votes: 2)
The DarkComet Malware is associated with AsyncRAT. DarkComet is a Remote Access Trojan (RAT) that opens a backdoor on infected computers, allowing unauthorized access and data theft. This malware has been classified among the top five Command and Control (C2) families, indicating its widespread usage by cybercriminals. DarkComet, along with other es

TargetCompany (association type: Unspecified; votes: 2)
The Targetcompany Malware is associated with AsyncRAT. TargetCompany is a known malware entity, often referred to as Mallox, Tohnichi, or Fargo in various articles and blog posts. This malicious software is designed to infiltrate and damage computer systems, often without the user's knowledge. It can enter systems through suspicious downloads, emails, o

AgentTesla (association type: Unspecified; votes: 2)
The Agenttesla Malware is associated with AsyncRAT. AgentTesla is a well-known Remote Access Trojan (RAT) and infostealer malware that has been used in numerous cyber-attacks. It is often delivered through malicious emails or downloads, and once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for rans

XWorm (association type: Unspecified; votes: 2)
The Xworm Malware is associated with AsyncRAT. XWorm is a sophisticated piece of malware designed to infiltrate and exploit computer systems, often without the user's knowledge. It can be delivered through various means such as suspicious downloads, emails, or websites, and once inside a system, it can steal personal information, disrupt operati

NetWire (association type: Unspecified; votes: 2)
The NETWIRE Malware is associated with AsyncRAT. NetWire is a type of malware, specifically a remote access trojan (RAT), that has been utilized for various malicious activities since at least 2014. Initially promoted as a legitimate tool for managing Windows computers remotely, NetWire was quickly adopted by cybercriminals and used in phishing at
Source Document References
Information about the AsyncRAT Malware was read from the documents corpus below. This display is limited to 20 results.
Source (created):
Recorded Future (9 days ago)
Securityaffairs (12 days ago)
Securelist (13 days ago)
Securelist (3 months ago)
Checkpoint (5 months ago)
DARKReading (5 months ago)
Securityaffairs (5 months ago)
InfoSecurity-magazine (5 months ago)
Contagio (6 months ago)
Checkpoint (6 months ago)
Securelist (7 months ago)
Securityaffairs (7 months ago)
Fortinet (7 months ago)
Securityaffairs (7 months ago)
Securityaffairs (8 months ago)
Recorded Future (8 months ago)
Checkpoint (9 months ago)
DARKReading (10 months ago)
Pulsedive (a year ago)
Malware-traffic-analysis.net (a year ago)