RAT Dropped By Two Layers of AutoIT Code

Published 19/05/2025 09:36 · Modified 21/05/2025 21:47

Essential information

Tags
2025-05-19 asyncrat autoit rat
Related entities
4 observables, 7 techniques (mitre), 1 malware

Description

A malware attack involving multiple layers of code has been discovered. The initial file, disguised as a project file, contains a script that generates and executes a PowerShell script. This PowerShell script downloads an interpreter and another layer of code. Persistence is achieved through a startup shortcut. The second layer of code is heavily obfuscated and ultimately spawns a process injected with the final malware, likely or PureHVNC. The attack uses several techniques, including file downloads, script execution, and process injection, to deliver and maintain the malicious payload.

External references