RAT Dropped By Two Layers of AutoIT Code

(520) 462-0516

RAT Dropped By Two Layers of AutoIT Code

A malware attack involving multiple layers of AutoIT code has been discovered. The initial file, disguised as a project file, contains AutoIT script that generates and executes a PowerShell script. This script downloads an AutoIT interpreter and another layer of AutoIT code. Persistence is achieved through a startup shortcut. The second layer of AutoIT code is heavily obfuscated and ultimately spawns a process injected with the final malware, likely AsyncRAT or PureHVNC. The attack utilizes various techniques including file downloads, script execution, and process injection to deliver and maintain the malicious payload. Author: AlienVault

Related Tags:
T1059.006

T1204.002

T1547.001

T1059.001

T1574.002

AsyncRAT

T1105

RAT

autoit

Associated Indicators:
xcvbsfq32e42313.xyz

https://xcvbsfq32e42313.xyz/OLpixJTrO

https://xcvbsfq32e42313.xyz/hYlXpuF.txt

Threat Intel Solutions

RAT Dropped By Two Layers of AutoIT Code

Search

Popular Posts

Dangerous runC flaws could allow hackers to escape Docker containers

Lost iPhone? Don’t fall for phishing texts saying it was found

NAKIVO Introduces v11.1 with Upgraded Disaster Recovery and MSP Features

Categories

Pages

Archives

Tags

Follow Us