RAT Dropped By Two Layers of AutoIT Code
Essential information
- Published: 19/05/2025 09:36
- Modified: 21/05/2025 21:47
- Tags: 2025-05-19, asyncrat, autoit, rat
- Related entities: 4 observables, 7 techniques (MITRE), 1 malware
Description
A malware attack involving multiple layers of AutoIT code has been discovered. The initial file, disguised as a project file, contains an AutoIT script that generates and executes a PowerShell script. That PowerShell script downloads an AutoIT interpreter together with a second layer of AutoIT code. Persistence is achieved through a shortcut placed in the Startup folder. The second layer of AutoIT code is heavily obfuscated and ultimately spawns a process into which the final payload is injected, likely AsyncRAT or PureHVNC. The attack chains several techniques (file download, script execution, and process injection) to deliver and maintain the malicious payload.