Reborn in Rust: Attempt to thwart malware analysis

SUMMARY :

AsyncRAT, a remote access trojan known since 2019, has been rewritten in Rust, marking a shift from its original C# implementation. This change aims to complicate reverse engineering efforts due to limited analysis tool support for Rust. The malware retains its core functionality, including plugin installation, code execution, and persistence. It installs via scheduled tasks or temporary directory copying, stores plugins in the registry, and communicates with command and control servers over TLS. The Rust variant supports fewer commands compared to its .NET counterpart, suggesting ongoing development. The malware collects system information, including hardware ID, OS details, and antivirus software presence. Debug strings in the samples indicate active development of this Rust version.

OPENCTI LABELS :

remote access trojan,rust,asyncrat,tls,command and control,plugins,reverse engineering,system information,hardware id,rustyasyncrat


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Reborn in Rust: Attempt to thwart malware analysis