Exploring AsyncRAT and Infostealer Plugin Delivery Through…
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
This analysis details an AsyncRAT infection observed in August 2024, delivered via email. The attack chain involves a Windows Script File that downloads and executes various scripts, ultimately leading to the installation of AsyncRAT with an infostealer plugin. The malware targets multiple browsers and cryptocurrency wallet extensions to exfiltrate data. The infection process includes process hollowing and scheduled task creation to maintain persistence. The threat actors employed obfuscation techniques to evade detection. This case highlights the continued effectiveness of phishing emails as a malware delivery method and the evolving capabilities of remote access tools combined with information-stealing functionalities.
OPENCTI LABELS :
powershell,phishing,process hollowing,infostealer,vbscript,asyncrat,cryptocurrency wallets,browser data theft
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Exploring AsyncRAT and Infostealer Plugin Delivery Through…