AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure, encrypted connection. It is an open-source remote administration tool; however, it can also be used maliciously, because it provides functionality such as a keylogger, remote desktop control, and many other functions that can harm the victim's computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kits, and other techniques. Figure 1 below shows part of a screenshot of the AsyncRAT panel menu.
Figure 1: AsyncRAT Panel Menu
This post serves to inform our customers about detection and protection capabilities within the Carbon Black suite of products against AsyncRAT.
Depending on the configuration chosen by the attacker in the AsyncRAT panel, the features it provides can be used to perform malicious activities such as stealing sensitive data or information, disabling security software, installing additional malicious payloads on the victim's computer, and many other harmful actions.
The features include the following (reference from here):
Figure 2: Depending on the configuration, AsyncRAT can perform many harmful activities, such as disabling Windows Defender. (Process chart from CB Response)
In addition, CB Defense displays the overall TTPs triggered by the malware.
If you are a Carbon Black customer looking to learn more about how to defend against this attack, click here.

TID | Tactic | Description |
---|---|---|
T1005 | Collection | Data from Local System |
T1123 | Collection | Audio Capture |
T1125 | Collection | Video Capture |
T1082 | Discovery | System Information Discovery |
T1083 | Discovery | File and Directory Discovery |
T1087 | Discovery | Account Discovery |
T1063 | Discovery | Security Software Discovery |
T1107 | Defense Evasion | File Deletion |
T1105 | Command and Control, Lateral Movement | Remote File Copy |
T1043 | Command and Control | Commonly Used Ports |
T1132 | Command and Control | Data Encoding |
T1002 | Exfiltration | Data Compressed |

Indicator | Type | Context |
---|---|---|
cb5d8d1841cea541cadb4f20a99706325d84b1eb94d18cc254d14600960d5ee2 | SHA256 | AsyncRAT |
7088fe608444abff9268cc3af57f69e6 | MD5 | AsyncRAT |
The post Threat Analysis Unit (TAU) Threat Intelligence Notification: AsyncRAT appeared first on VMware Carbon Black.