AsyncRAT campaigns feature new version of 3LOSH crypter

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,148
Content source
https://blog.talosintelligence.com/2022/04/asyncrat-3losh-update.html
  • Ongoing malware distribution campaigns are using ISO disk images to deliver AsyncRAT, LimeRAT and other commodity malware to victims.
  • The infections leverage process injection to evade detection by endpoint security software.
  • These campaigns appear to be linked to a new version of the 3LOSH crypter, previously covered here.
Malware distributors often leverage tools to obfuscate their binary payloads and make detection and analysis more difficult. These tools often combine functionality normally associated with packers and crypters and, in many cases, are not directly tied to the malware payload itself. Over the past several months we have observed a series of campaigns that leverage a new version of one of these tools, referred to as 3LOSH crypter. The threat actor(s) behind these campaigns have been using 3LOSH to generate the obfuscated code responsible for the initial infection process. Based on analysis of the embedded configuration stored within the samples associated with these campaigns, we have identified that the same operator is likely distributing a variety of commodity RATs, such as AsyncRAT and LimeRAT. These RATs feature various functionality that enables them to be used to gain access to systems and exfiltrate sensitive information from victims.
Click to expand...
blog.talosintelligence.com

Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter

By Edmund Brumaghin, with contributions from Alex Karkins. * Ongoing malware distribution campaigns are using ISO disk images to deliver AsyncRAT, LimeRAT and other commodity malware to victims. * The infections leverage process injection to evade detection by endpoint security software. *...
blog.talosintelligence.com blog.talosintelligence.com
 
  • Like
  • Applause
  • Wow
Reactions: Tutman, Kongo, Der.Reisende and 2 others
You must log in or register to reply here.

Similar threads

[correlate]
    • Like
    • +Reputation
Snip3 Crypter Reveals New TTPs Over Time
Replies
0
Views
523
News Archive
[correlate]
[correlate]
silversurfer
    • Like
    • +Reputation
Malware News Banking Trojans Target Latin America and Europe Through Google Cloud Run
Replies
0
Views
1,144
Security News
silversurfer
silversurfer
[correlate]
    • Like
    • Wow
Security News Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors
Replies
0
Views
838
Security News
[correlate]
[correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top