Exploring the Infection Chain: ScreenConnect's Link to AsyncRAT Deployment
Essential information
- Published: 05/07/2024 14:48
- Modified: 05/07/2024 16:20
- Tags: 2024-07-05 asyncrat autoit nsi script nsis installer screenconnect
- Related entities: 77 observables, 19 techniques (mitre), 1 malware
Description
In June 2024, eSentire's Threat Response Unit observed several incidents involving users downloading the ScreenConnect remote access client, potentially facilitated through drive-by downloads. Threat actors exploited ScreenConnect to establish unauthorized remote sessions, ultimately deploying the AsyncRAT trojan. The malicious scripts that were executed used techniques such as delaying tactics and conditional execution to evade detection by security software.