RAT Dropped By Two Layers of AutoIT Code
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A malware attack involving multiple layers of AutoIT code has been discovered. The initial file, disguised as a project file, contains AutoIT script that generates and executes a PowerShell script. This script downloads an AutoIT interpreter and another layer of AutoIT code. Persistence is achieved through a startup shortcut. The second layer of AutoIT code is heavily obfuscated and ultimately spawns a process injected with the final malware, likely AsyncRAT or PureHVNC. The attack utilizes various techniques including file downloads, script execution, and process injection to deliver and maintain the malicious payload.
OPENCTI LABELS :
rat,asyncrat,autoit
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
RAT Dropped By Two Layers of AutoIT Code