AsyncRAT campaigns feature new version of 3LOSH crypter

Content source
https://blog.talosintelligence.com/2022/04/asyncrat-3losh-update.html
silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
8,713
  • Ongoing malware distribution campaigns are using ISO disk images to deliver AsyncRAT, LimeRAT and other commodity malware to victims.
  • The infections leverage process injection to evade detection by endpoint security software.
  • These campaigns appear to be linked to a new version of the 3LOSH crypter, previously covered here.
Malware distributors often leverage tools to obfuscate their binary payloads and make detection and analysis more difficult. These tools often combine functionality normally associated with packers and crypters and, in many cases, are not directly tied to the malware payload itself. Over the past several months we have observed a series of campaigns that leverage a new version of one of these tools, referred to as 3LOSH crypter. The threat actor(s) behind these campaigns have been using 3LOSH to generate the obfuscated code responsible for the initial infection process. Based on analysis of the embedded configuration stored within the samples associated with these campaigns, we have identified that the same operator is likely distributing a variety of commodity RATs, such as AsyncRAT and LimeRAT. These RATs feature various functionality that enables them to be used to gain access to systems and exfiltrate sensitive information from victims.
Click to expand...
blog.talosintelligence.com

Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter

By Edmund Brumaghin, with contributions from Alex Karkins. * Ongoing malware distribution campaigns are using ISO disk images to deliver AsyncRAT, LimeRAT and other commodity malware to victims. * The infections leverage process injection to evade detection by endpoint security software. *...
blog.talosintelligence.com blog.talosintelligence.com
 
  • Like
  • Applause
  • Wow
Reactions: Tutman, Kongo, Der.Reisende and 2 others
You must log in or register to reply here.

Similar threads

Correlate
    • Like
    • +Reputation
Security News Snip3 Crypter Reveals New TTPs Over Time
Replies
0
Views
185
Security News
Correlate
Correlate
upnorth
    • +Reputation
    • Like
7 Years, Long-Term Threat DarkTortilla Crypter is Still Evolving
Replies
0
Views
404
News Archive
upnorth
upnorth
silversurfer
    • Like
    • +Reputation
Malicious Campaign Targets Latin America
Replies
0
Views
763
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top