omvilla.blogg.se

Web monitor rat




In this blog we describe the AsyncRAT C2 (command & control) Framework, which allows attackers to remotely monitor and control other computers over a secure encrypted link. We provide an overview of this threat, a technical analysis, and a method of detecting the malware using Qualys Multi-Vector EDR.

What is AsyncRAT C2 Framework?

AsyncRAT C2 Framework is a Remote Access Trojan (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. Features include keylogging, audio/video recording, info-stealing, remote desktop control, password recovery, launching remote shell, webcam, injecting payloads, among other functions.

AsyncRAT has been used by various malware campaigns and threat actors in recent exploits. For example, as part of the Operation Layover campaign that targeted the Aviation industry, TA2541 used infected Word documents with themes related to aviation, transportation, and travel to enable downloading the AsyncRAT payload. More recently, a campaign using social engineering techniques targeted Thailand Pass customers. Finally, the Follina Outbreak in Australia delivered AsyncRAT as a malicious payload.

AsyncRAT can be detected and removed using Qualys Multi-Vector EDR, which is a service of the Qualys Cloud Platform.

Target Industry Verticals: Aviation, Travel, Hospitality, among others
Regions: Asia, Latin America, North America, South America, Central America
Infection Vectors: Spam/phishing email and spear-phishing
Objective of Malware: Keylogging, data exfiltration, info-stealing, remote shell, remote code execution

Figure 2: Main functions of AsyncRAT

Initialize Settings Function

The Initialize Settings function enables all hardcoded configurations and settings that are predefined while building the payload (Fig.

Figure 3: Initialization of configuration settings

Figure 4 shows the Initialize Settings function, which also enables decryption of all configuration settings encrypted with the AES256 algorithm.





