2022-04-13

New AsyncRAT & 3LOSH Crypter Malware Campaigns

Industry: N/A | Level: Tactical | Source: Cisco Talos

Cisco Talos's latest research tracking malware distribution campaigns has identified the use of the 3LOSH crypter to obfuscate the deployment of commodity malware, including AsyncRAT and LimeRAT. An ISO disk image initiates the infection chain: it carries a VBScript that launches PowerShell, which in turn creates and executes a series of scripts. Persistence is achieved through a scheduled task created by the PowerShell script. Once the series of .bat and .ps1 scripts has run, the remote access trojan payload is injected and executed. Cisco Talos has observed these 3LOSH crypter campaigns for several months, and activity appears to be increasing as attackers turn to the 3LOSH crypter to evade detection in corporate environments.

  • Anvilogic Scenario: 3LOSH Crypter - Malware Distribution Campaigns
  • Anvilogic Use Cases:
      • Wscript/Cscript Execution
      • Suspicious Executable by CMD.exe
      • Download exe|msi|bat Proxy
      • Rare remote thread
      • Create/Modify Schtasks
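As an added illustration (not code from the Talos report or from Anvilogic's detection content), the following Python runs the chain described above over constructed process-creation events: a script host spawning PowerShell, PowerShell creating a scheduled task, and the dropped .bat/.ps1 stagers being executed, then groups the hits under their wscript/cscript ancestor so the stages surface as one scenario rather than as isolated use cases. The image names, rule names and sample events are assumptions.

```python
import re
from collections import namedtuple
ProcEvent = namedtuple("ProcEvent", "pid ppid image cmdline")  # image = lowercase basename
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
PS_HOSTS = {"powershell.exe", "pwsh.exe"}
SHELLS = PS_HOSTS | {"cmd.exe"}
DROPPED_SCRIPT = re.compile(r"\.(bat|ps1)\b", re.I)

def detect_stages(events):
    """Per-event rules for the chain: script host -> PowerShell -> schtasks persistence -> dropped .bat/.ps1."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        p = by_pid.get(e.ppid)
        if p is None:
            continue
        cmd = e.cmdline.lower()
        if p.image in SCRIPT_HOSTS and e.image in PS_HOSTS:
            hits.append(("script_host_spawns_powershell", e.pid))
        if p.image in PS_HOSTS and e.image == "schtasks.exe" and "/create" in cmd:
            hits.append(("powershell_creates_schtask", e.pid))
        if p.image in SHELLS and e.image in SHELLS and DROPPED_SCRIPT.search(cmd):
            hits.append(("dropped_script_executed", e.pid))
    return hits

def script_host_root(e, by_pid):
    """Walk up the parent chain; return the pid of the nearest wscript/cscript ancestor, or None."""
    while e is not None and e.image not in SCRIPT_HOSTS:
        e = by_pid.get(e.ppid)
    return e.pid if e else None

def correlate(events):
    """Group stage hits under their script-host ancestor; a tree showing >= 2 distinct stages is one chain alert."""
    by_pid = {e.pid: e for e in events}
    trees = {}
    for rule, pid in detect_stages(events):
        root = script_host_root(by_pid[pid], by_pid)
        if root is not None:
            trees.setdefault(root, set()).add(rule)
    return {root: sorted(r) for root, r in trees.items() if len(r) >= 2}

SAMPLE_EVENTS = [  # constructed Sysmon-style events, not taken from the Talos report
    ProcEvent(100, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, "wscript.exe", 'wscript.exe "E:\\invoice.vbs"'),
    ProcEvent(300, 200, "powershell.exe", "powershell.exe -file C:\\Users\\Public\\s1.ps1"),
    ProcEvent(400, 300, "schtasks.exe", "schtasks.exe /create /tn Upd /tr C:\\Users\\Public\\s2.bat"),
    ProcEvent(500, 300, "cmd.exe", "cmd.exe /c C:\\Users\\Public\\s2.bat"),
    ProcEvent(600, 500, "powershell.exe", "powershell.exe -file C:\\Users\\Public\\s3.ps1"),
    ProcEvent(700, 100, "cmd.exe", "cmd.exe /c C:\\Users\\Public\\x.bat"),  # benign: parent is explorer
]
```

Running `correlate(SAMPLE_EVENTS)` returns a single alert keyed on the wscript.exe process (pid 200) listing all three stages, while the explorer-launched cmd.exe yields nothing.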
