BLOG CERT SOGETI ESEC

Briefing Malware - 01/02/2022

1 February 2022 - Winners of week 5: Emotet, Redline and Formbook.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is restricted to our clients.
Threat statistics report

Publication date: 01/02/2022

Distribution: TLP:WHITE

What's new?

AsyncRAT (NC)

New threat campaign identified: ASYNCRAT introduces a new delivery technique

#Morphisec has identified a new campaign that uses an elaborate detection-evasion technique whose final objective is to deliver #AsyncRAT, a Remote Access Trojan (#RAT).

Most malware attacks fetch their payload from an external server before moving to the next stage of the infection chain. In this case, the attacker instead builds the #ISO locally, on the victim's machine, from a #Base64 string using #JavaScript, and simulates the download process in the browser so that no file is actually retrieved from a remote host. Once opened, the ISO is mounted as a drive containing a #VBS or #BAT file that launches a #PowerShell command. This starts an execution chain that ends with #AsyncRAT running on the host.

#AsyncRAT is a RAT whose main objective is control and monitoring of the victim. Its features include #keylogging, #antivirus management, #password recovery and a client-server chat window.
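As an added example (not Morphisec's code and not part of this briefing), the following Python script shows how a mail gateway or a triage analyst could spot this delivery pattern in an HTML attachment: it looks for the JavaScript calls a browser-side loader needs (atob, Uint8Array, Blob, createObjectURL, an anchor with a download attribute), decodes any long quoted Base64 literal, and checks whether the decoded bytes carry an ISO 9660 image (the "CD001" identifier in the Primary Volume Descriptor at sector 16). The indicator list, the 2048-character threshold, the function names and the embedded sample attachment (with a dummy ISO header) are all constructed for illustration and are assumptions, not indicators from Morphisec or the CERT.

```python
import base64
import hashlib
import re

# Heuristic markers of an HTML-smuggling loader. This list is an assumption
# for illustration, not an indicator set from Morphisec or the CERT.
SMUGGLING_APIS = (
    "atob(",
    "new Uint8Array(",
    "new Blob(",
    "URL.createObjectURL(",
    "msSaveOrOpenBlob(",
    ".download =",
)

# Quoted Base64 literal long enough to carry a file (the threshold is an assumption).
BASE64_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/]{2048,}={0,2})['"]""")

# ISO 9660 Primary Volume Descriptor sits at sector 16 (offset 0x8000):
# type byte 0x01 followed by the standard identifier "CD001".
ISO_PVD_OFFSET = 0x8000


def sniff_payload(data: bytes) -> str:
    """Identify the decoded blob by magic bytes."""
    if data[ISO_PVD_OFFSET + 1:ISO_PVD_OFFSET + 6] == b"CD001":
        return "iso9660"
    if data[:2] == b"MZ":
        return "pe"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    return "unknown"


def analyse_html(html: str) -> dict:
    """Flag an HTML attachment that decodes an embedded Base64 file in the browser."""
    apis = [api for api in SMUGGLING_APIS if api in html]
    payloads = []
    for match in BASE64_LITERAL.finditer(html):
        try:
            blob = base64.b64decode(match.group(1), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        payloads.append({
            "size": len(blob),
            "type": sniff_payload(blob),
            "sha256": hashlib.sha256(blob).hexdigest(),
        })
    # Loader API calls alone are common on benign pages; require a decoded file too.
    verdict = "suspicious" if apis and payloads else "clean"
    return {"apis": apis, "payloads": payloads, "verdict": verdict}


def build_dummy_iso() -> bytes:
    """Constructed stand-in for the smuggled ISO: 18 empty sectors with a valid PVD header."""
    image = bytearray(2048 * 18)
    image[ISO_PVD_OFFSET] = 0x01
    image[ISO_PVD_OFFSET + 1:ISO_PVD_OFFSET + 6] = b"CD001"
    return bytes(image)


# Constructed HTML attachment mimicking the loader pattern described in the briefing.
SAMPLE_HTML = """<html><body><script>
var b64 = "%s";
var bin = atob(b64);
var bytes = new Uint8Array(bin.length);
for (var i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i);
var blob = new Blob([bytes], {type: "application/octet-stream"});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "invoice.iso";
a.click();
</script></body></html>""" % base64.b64encode(build_dummy_iso()).decode()

if __name__ == "__main__":
    print(analyse_html(SAMPLE_HTML))
```

Running the script on the constructed sample reports a suspicious verdict with one decoded 36 864-byte payload typed as iso9660; the SHA-256 in the result can then be pivoted on in sandbox or TIP lookups. A real filter would add the other loader variants seen in the wild (the MSIE msSaveOrOpenBlob path, split or obfuscated Base64 chunks) and treat a decoded ISO, PE or archive as a hard block regardless of the API hits.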
https://blog.morphisec.com/asyncrat-new-delivery-technique-new-threat-campaign
Download the report