
Analysis of AsyncRAT's Infection Tactics via Open Directories

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

This analysis explores two distinct methods used to infect systems with AsyncRAT through open directories. The first technique involves a multi-stage process using various obfuscated scripts (VBS, BAT, PowerShell) and disguised files to download and execute the AsyncRAT payload. The second method employs a simpler two-stage approach, utilizing a VBS script and a disguised PowerShell script to create files and set up a scheduled task for persistent infection. Both techniques demonstrate the adaptability of attackers in using publicly accessible files to spread AsyncRAT, a Remote Access Trojan designed for system infiltration and remote control.

OPENCTI LABELS:

powershell, remote access trojan, obfuscation, asyncrat, vbs, bat, multi-stage infection, scheduled tasks, open directories

