{
  "name": "Exploring the Infection Chain: ScreenConnect's Link to AsyncRAT Deployment",
  "slug": "exploring-the-infection-chain-screenconnects-link-to-asyncrat-deployment",
  "description": "In June 2024, eSentire's Threat Response Unit observed several incidents involving users downloading the ScreenConnect remote access client, potentially facilitated through drive-by downloads. Threat actors exploited ScreenConnect to establish unauthorized remote sessions, ultimately deploying the AsyncRAT trojan. The malicious scripts that were executed used techniques such as delaying tactics and conditional execution to evade detection by security software.",
  "published": "2024-07-05T12:48:40+00:00",
  "created_at": "2024-07-05T12:48:40+00:00",
  "modified_at": "2024-07-05T14:20:54+00:00",
  "created_at_opencti": "2024-07-05T12:48:40+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-07-05",
    "asyncrat",
    "autoit",
    "nsi script",
    "nsis installer",
    "screenconnect"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "36.75.75.75"
      },
      {
        "id": "",
        "name": "138.112.25.25"
      },
      {
        "id": "",
        "name": "123.181.24.36"
      },
      {
        "id": "",
        "name": "1.13.16.45"
      },
      {
        "id": "",
        "name": "71.162.181.51"
      },
      {
        "id": "",
        "name": "uipwbmldpswkgwle.site"
      },
      {
        "id": "",
        "name": "lomklauekabjikaiwoge.com"
      },
      {
        "id": "",
        "name": "aviranpreschool.com"
      },
      {
        "id": "",
        "name": "fd0d3c38d2bbb517a8e74d8879b73ba57a3832a450abbe826803ceef5726a14a"
      },
      {
        "id": "",
        "name": "f6e41c3092c5e1167d95330a2a482f695598c31ad79963c59b07ab79dbfb87f7"
      },
      {
        "id": "",
        "name": "fa55401d78f8eabf5dff1b903a9f072b8324851286f67c0aca5b3af931bb4877"
      },
      {
        "id": "",
        "name": "fb5aac98c73fa13b244d763b495701ab2eb44815dbd0019531fe081536ef9b9a"
      },
      {
        "id": "",
        "name": "f3abb0cc802f3d7b95fc8762b94bdcb13bf39634c40c357301c4aa1d67a256fb"
      },
      {
        "id": "",
        "name": "f42c7da665f73fdf6e86f1ebf1054af265541f534912599d27b6dc671e9c8375"
      },
      {
        "id": "",
        "name": "ea28712cd43fbad5b018a6d19594a5b8a6770965a0221c19f1fb8ebf459d2b31"
      },
      {
        "id": "",
        "name": "e5d37c781676a67bacc070088dd8d14f70bf74827c3d788eb9602884c38b7c19"
      },
      {
        "id": "",
        "name": "e597fd01bd50700473316d7bcbfe0f6b43d10842d45eb8598bd35438831ae897"
      },
      {
        "id": "",
        "name": "e535a00f01748954152e16a28ac1dabeb056d097f4e98aa59f07b9a6f0e9434e"
      },
      {
        "id": "",
        "name": "e522531d2cd8fca257452945e0c00a1a04a2d132cef848aef41a1a2e1ef2d8b4"
      },
      {
        "id": "",
        "name": "e3ad352e1c9a3a1842c17262d626bb95f9ec3b199cacd4a8011e954a1473843f"
      },
      {
        "id": "",
        "name": "e0df0ad47456b7d8a0c34645a7c9990e99ff6fe5d0c96ca55a406b34d5ae91a4"
      },
      {
        "id": "",
        "name": "df2e7c2aabe2f6889589aef8f6e8c604207aff07f121f9e6d82a309f1cfd3079"
      },
      {
        "id": "",
        "name": "d9c038ec71396e395fbd88b384e3335f3afb94bdf2371fb0713bfe963f342185"
      },
      {
        "id": "",
        "name": "d38bbb755ba411e2457833b700e4d3fe4d19acf03feb8f59ac29f804b8a2e938"
      },
      {
        "id": "",
        "name": "ce87ff0b32de840a2499d82260bdc83805ce24b9373e190314e5639b0dd034b3"
      },
      {
        "id": "",
        "name": "c30702ce7c9931b5a9525a2fef0018ad9a4b314668b72339a4914b0f1783ce9e"
      },
      {
        "id": "",
        "name": "b96bd9decf14957fcb03ff4ad753735d00164da2d02ff694607c643531b626cd"
      },
      {
        "id": "",
        "name": "b4e71358c183707b27361219af2146f7b72042f56cec7ed8f917795a76b2296f"
      },
      {
        "id": "",
        "name": "b31c484cabd6030c919fe519a7697736485f0004c79dbd081c9fb236fc18503f"
      },
      {
        "id": "",
        "name": "af962298ee5c9fb41cf82d00dc919bfd6e514bd6aca71ae4d674b259eee0fc7c"
      },
      {
        "id": "",
        "name": "abc884a816b3c414ff9d15c1152cf5e5c2d3e670ee6dcee3d052d08056f3ac74"
      },
      {
        "id": "",
        "name": "a4e2bbb403f5bcf7709456d412716323022039b87a79c4fe1f8c726269ca236d"
      },
      {
        "id": "",
        "name": "ab6979ed8daf3875cda868be8c794035567920f980d491b647efcc922e6375b7"
      },
      {
        "id": "",
        "name": "a0cdda26ad1452391df07f904ca5784345b2199308664cf613b09c6f1e24af17"
      },
      {
        "id": "",
        "name": "9ae6bea13bbe186dde5a380c94d309c56aba8c055b0f540eadf9c988b914b729"
      },
      {
        "id": "",
        "name": "9e7c5a22db466c5c093d9eb91b79fa0c17f4491667aac585b7b8d60a5b0976a0"
      },
      {
        "id": "",
        "name": "98f219e6becd0f0501256146bd7bfc6d2f0ce28003c048c821fcb7501686ee38"
      },
      {
        "id": "",
        "name": "9243236bd249560e2a626171fe17771656d02418efa6b6ac3c3823c6c747e6a8"
      },
      {
        "id": "",
        "name": "95692e64e52f38f3285fc1a071691551aa14d01e4c5867a4c34b60e003d0da61"
      },
      {
        "id": "",
        "name": "8ab5db97785ca6fe0213e779b4a3960712bf9202dcfe4ab6ce0add5a2531d862"
      },
      {
        "id": "",
        "name": "7ccab1d1207272966907184d73c655a0035451f9bc7f4d602e069312ac819244"
      },
      {
        "id": "",
        "name": "717c083156d07b631e42e3d9f4d175c59d206f7b3b04add1f761b43fbdf41cee"
      },
      {
        "id": "",
        "name": "784b8907059b57709fbcfc8e4a97d914a181a8d6f955202ce4815abeac85f033"
      },
      {
        "id": "",
        "name": "6f1905e804200c694582758c63244fd966e807eeee443bd0d40bebd5072045a5"
      },
      {
        "id": "",
        "name": "6bfea924734c7ccdf2822729d72d78a5174011768de0cd2576643e99832f8452"
      },
      {
        "id": "",
        "name": "6ed34a18930c558f946a17f2d0de649413b7441c96458b762ea588d185df797c"
      },
      {
        "id": "",
        "name": "6a6226eb265a361098bb8fc947448f831ee9549a84208033045e2cbdc3b0ba34"
      },
      {
        "id": "",
        "name": "62d76b7498756fcbc87629cb0fa001e8e1272883e434054a5356901ac2699aec"
      },
      {
        "id": "",
        "name": "6513878c1be24fe2f041008a51754071fa90fd48fd9de65290a6d01fdcd7efa6"
      },
      {
        "id": "",
        "name": "5f27802fabf7e1921c04359bfa48cfc96c18514d3f7a32a39fc80566e2e18008"
      },
      {
        "id": "",
        "name": "5eb2ebe9104e6ef814851ccfb6493408a3f02fa7b2a0d06da4e7b678f1f93833"
      },
      {
        "id": "",
        "name": "5d45100f7f80903ea2031dbd4c546bee6c12a8a98d6f27ac5d741a8886c81b83"
      },
      {
        "id": "",
        "name": "5aed97c59a0286107312dab7982983d4bf638eb1a999ac86c1056114fd4f12e0"
      },
      {
        "id": "",
        "name": "597a55ac25fc4ca4d5fcba33bbd88f3b1fc47ace41e89daf394f76b0841d0979"
      },
      {
        "id": "",
        "name": "59dea613bbff003ad139da01c6243f3d8f6cd31f09c192b38c8beb0c6ade8acc"
      },
      {
        "id": "",
        "name": "579daf4b58d3f1b9903dad053ccdbbf05f445cb70339996ce90f477958035e68"
      },
      {
        "id": "",
        "name": "568be120305376a9b9d9dfaacccdaf8788883b5c544a330294d4671c57796f6d"
      },
      {
        "id": "",
        "name": "55b588463e9af8c4e4d2dbbe608f6e47e8987a2c32b5aa69c6a19ddc3fc25a4c"
      },
      {
        "id": "",
        "name": "533ffd45167d8029a62cd54986bbf933199676dc731898083f1287f8fe65451a"
      },
      {
        "id": "",
        "name": "526abb1dd44dad419d000482a5f92cfc4d290673aa8dc7c60ca2017a4fb5de88"
      },
      {
        "id": "",
        "name": "50450ca18d815947ba511ba18d18261c6206254891b25734824caa68a602c4d0"
      },
      {
        "id": "",
        "name": "47bc65e3d83d26b419535d9ecd9c14ea2a66554eca0222b30356105abcd62ed0"
      },
      {
        "id": "",
        "name": "3f43b6029cb0c42b95c9205356746ce72db43ed82163f6b176a6f280b2eae98b"
      },
      {
        "id": "",
        "name": "3d3f9a8fdc25492e1f797d7ea40c0afdef8aafb65c3d7248d3d76f4817fb66d4"
      },
      {
        "id": "",
        "name": "32ccda7747cd105f270caee6494a453b4a6614f332f5c23193d8ad8fcb9ed939"
      },
      {
        "id": "",
        "name": "3285c76f50ce1bd5985e3201a7e85695bd94fc595fc3da70b71f7d87fc4f69c2"
      },
      {
        "id": "",
        "name": "31a81bddfce4cf7cc065e451c9445372a55854dffca0fc520ae81f9bfa4f22a0"
      },
      {
        "id": "",
        "name": "2e370ce4d05ab6154489ba3a9ed75e7a6890c5b5b7974a687f928683a5bda221"
      },
      {
        "id": "",
        "name": "2da256191573d99e7c36606c6748ea84d8665cc2f8000bd0d2fadbd66ab3004a"
      },
      {
        "id": "",
        "name": "2ac4277b12a5091ff5e041989d932cff2b0b69a1d31a7de6d74984d5fd725641"
      },
      {
        "id": "",
        "name": "279241ff7fd78e4152b35cd2f1e673994e7b2a02ded4edd31ef152f95d9bc969"
      },
      {
        "id": "",
        "name": "249edf69d999163b1dbc9923ff2c8a5903757ffc9b027461f03047b171afe1d1"
      },
      {
        "id": "",
        "name": "236c5323d8aeb74d97f0bd5d54d8c774d07ff26f6befbc7f155b5349d0ba604a"
      },
      {
        "id": "",
        "name": "22ccc6e138ff12b9c7738caf64c25bdf00b478b1b2e523daf25be3fca196f984"
      },
      {
        "id": "",
        "name": "1c31231b53b0baa178c93c26bec5039237329e9f814b61954a475d6052528c43"
      },
      {
        "id": "",
        "name": "0294ac2898d8db407f961eed90af5f63f074f7c37c5f803b707b56b81740a4b6"
      },
      {
        "id": "",
        "name": "8498900e57a490404e7ec4d8159bee29aed5852ae88bd484141780eaadb727bb"
      }
    ],
    "malware": [
      {
        "id": "f200fb60-5446-493f-9712-9f26d65956cc",
        "name": "AsyncRAT",
        "slug": "asyncrat"
      }
    ],
    "attack_patterns": [
      {
        "id": "40f0d8e3-bcd7-4b97-a958-f55815698fc5",
        "name": "T1053.005"
      },
      {
        "id": "ecaaa4cc-d487-4002-bcb2-f769acfcc38f",
        "name": "T1490"
      },
      {
        "id": "9e784d22-5a6c-4da6-968a-5fab2f019efd",
        "name": "T1059.005"
      },
      {
        "id": "e1b18ecf-d74e-4fe6-9bd4-ca6a62e7d818",
        "name": "T1027.002"
      },
      {
        "id": "16e4fc82-7c0b-4d1a-b784-b804b4df26dc",
        "name": "T1204.001"
      },
      {
        "id": "6b2e0999-c7e8-4662-94ac-19aa8520ee46",
        "name": "T1059.003"
      },
      {
        "id": "32b33067-6566-4b8d-be80-e96f765d84de",
        "name": "T1059.001"
      },
      {
        "id": "45c400ce-708d-4ac2-8ea7-57c971a83ce5",
        "name": "T1027.005"
      },
      {
        "id": "9322d33b-00c1-4f99-9f1a-a33d93c0dac2",
        "name": "T1059.007"
      },
      {
        "id": "2e0c6db7-16a7-4bf6-992e-263474014fce",
        "name": "T1059.004"
      },
      {
        "id": "196f2a64-c55b-47a6-8e38-beb76ba700b6",
        "name": "T1204.002"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "c12e0e03-aab0-4646-a929-e921a3d27f02",
        "name": "T1219"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "bb20a9e1-f4f6-459d-94f4-470c6867dc2d",
        "name": "T1053"
      },
      {
        "id": "fcd96dc0-500e-4354-bd97-5c65718a9004",
        "name": "T1562"
      },
      {
        "id": "ca53b2fa-42a8-45ec-9682-0cf54bf280f3",
        "name": "T1090"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://github.com/esThreatIntelligence/iocs/blob/main/ScreenConnect/ScreenConnect_AsyncRAT_6-24-2024.txt",
    "https://www.esentire.com/blog/exploring-the-infection-chain-screenconnects-link-to-asyncrat-deployment",
    "https://otx.alienvault.com/pulse/668807c860b915f2f6980755"
  ]
}