Exploring the Infection Chain: ScreenConnect's Link to AsyncRAT Deployment

· Published 05/07/2024 14:48 · Modified 05/07/2024 16:20

Essential information

Tags
2024-07-05 asyncrat autoit nsi script nsis installer screenconnect
Related entities
77 observables, 19 techniques (mitre), 1 malware

Description

In June 2024, eSentire's Threat Response Unit observed several incidents involving users downloading the ScreenConnect remote access client, potentially facilitated through drive-by downloads. Threat actors exploited ScreenConnect to establish unauthorized remote sessions, ultimately deploying the AsyncRAT trojan. The malicious scripts that were executed used techniques such as delaying tactics and conditional execution to evade detection by security software.

External references