AsyncRAT Distributed via WSF Script

by Prapattimynk, Wednesday, 6 December 2023 (3 months ago)

The AhnLab Security Emergency response Center (ASEC) analysis team previously posted about AsyncRAT being distributed via files with the .chm extension. [1] It was recently discovered that this type of AsyncRAT malware is now being distributed in WSF script format. The WSF file was found to be distributed in a compressed file (.zip) format through URLs contained within emails.

[Download URLs]
1. https://*****************.com.br/Pay5baea1WP7.zip
2. https://************.za.com/Order_ed333c91f0fd.zip
3. https://*************.com/PAY37846wp.zip
4. https://*****.****.co/eBills37890913.zip

Decompressing the first downloaded zip file yields a file with a .wsf file extension. This file mostly consists of comments as shown in the image below and only contains one
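For triage of archives like the ones described above, the following added example (not code from ASEC or from the original post) lists script-host files inside a zip and measures how much of each file is comment padding. It assumes the padding uses XML comments (`<!-- -->`); the extension list, function names and the inert sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Script-host extensions to flag inside a downloaded archive.
# Assumption: illustrative list; the page itself only names .wsf.
SCRIPT_EXTS = (".wsf", ".vbs", ".vbe", ".js", ".jse")
XML_COMMENT = re.compile(rb"<!--.*?-->", re.DOTALL)
SCRIPT_TAG = re.compile(rb"<script\b", re.IGNORECASE)


def triage_zip(data: bytes, max_member_size: int = 5 * 1024 * 1024):
    """Return one finding dict per script-host file found in the archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(SCRIPT_EXTS):
                continue
            if info.file_size > max_member_size:  # do not inflate huge members
                findings.append({"name": info.filename, "skipped": "too large"})
                continue
            body = zf.read(info)
            stripped = XML_COMMENT.sub(b"", body)  # content left without comments
            ratio = (len(body) - len(stripped)) / len(body) if body else 0.0
            findings.append({
                "name": info.filename,
                "size": len(body),
                "comment_ratio": round(ratio, 2),
                "script_tags": len(SCRIPT_TAG.findall(stripped)),
            })
    return findings


def build_sample_zip() -> bytes:
    """Constructed, inert sample: a comment-padded WSF and a plain text file."""
    padding = b"".join(b"<!-- filler line %d -->\n" % i for i in range(200))
    wsf = (b"<job>\n" + padding
           + b'<script language="VBScript">WScript.Echo "inert sample"</script>\n'
           + padding + b"</job>\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_sample.wsf", wsf)
        zf.writestr("readme.txt", b"constructed test data")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

A high `comment_ratio` on a script-host file delivered in an archive is a reason to inspect the remaining non-comment content by hand, not a verdict on its own.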
