Malware by the (Bit)Bucket: Uncovering AsyncRAT
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A sophisticated attack campaign using Bitbucket as a legitimate platform to deliver AsyncRAT has been uncovered. The multi-stage approach involves a VBScript obfuscation layer, followed by a PowerShell payload delivery mechanism, and culminates in the execution of AsyncRAT. The attackers exploit Bitbucket's legitimacy and accessibility to host malicious payloads. The campaign employs various evasion techniques, including anti-VM checks and obfuscation. Persistence is established through Registry Run Keys and Startup Folder shortcuts. AsyncRAT provides extensive control over infected machines, enabling remote desktop control, file management, keylogging, and more. The attack demonstrates a high level of sophistication in its use of legitimate platforms and multi-layered obfuscation techniques.
OPENCTI LABELS :
powershell,rat,obfuscation,vbscript,asyncrat,.net,bitbucket