Fileless malware isn’t new, but it continues to challenge cybersecurity defenses due to its stealthy nature and reliance on legitimate system tools for execution. These attacks operate entirely in memory, making them harder to detect, analyze, and eradicate.
The first edition of the LevelBlue Threat Spotlight Report, AsyncRAT in Action: Evading Defenses with Fileless Malware Techniques, explores a real incident investigated by the LevelBlue SOC involving a fileless loader used to deliver AsyncRAT. AsyncRAT is a well-known Remote Access Trojan (RAT) that masquerades as a trusted utility to steal user credentials.
In this report, we uncover:
Trojanized remote access tools: how ScreenConnect was abused to establish an initial foothold
Fileless loaders in action: PowerShell and VBScript chains delivering AsyncRAT without leaving disk artifacts
Evasion techniques exposed: AMSI and ETW bypasses, persistence via scheduled “Skype Updater” tasks, and memory-only execution
Crypto-targeting reconnaissance: AsyncRAT modules designed to steal credentials and scan for cryptocurrency wallets
Indicators of Compromise (IOCs): domains, hashes, and artifacts your security teams need to hunt for exposure
Download your complimentary copy today to learn how these attacks unfold and get actionable intelligence to strengthen your defenses against fileless malware.