AsusUpdateRAT
Private RAT disguised as an ASUSTeK Computer Inc. update. JSON C2 protocol (cJSON library). Commands: ping, cmd, filemgr, fileupload, del. Hardware identification (hwid) based tracking. cmd.exe output capture. File manager and upload features.
Threat Profile
Type: RAT
Programming Language: C
C2 Protocol: HTTP
First Seen: 2024
Targets
Global
Purpose / Capabilities
- Remote Access
- File Management
- Command Execution
No C2 servers have been identified for this family yet.
Research Reports (1)
AsusUpdateRAT 624c6b56 -- ASUSTeK-Computer-disguise AsusUpdateSetup-exe JSON-C2-protocol cJSON-library hwid-ping-cmd-filemgr-fileupload-task-del InternetOpenW-HttpSendRequest cmd-exe-output-capture | High
AsusUpdateRAT 624c6b56 PE32 1.1MB. ASUSTeK Computer disguise (AsusUpdateSetup.exe). JSON C2 protocol (cJSON). hwid/ping/cmd/filemgr/fileupload/task/del. HTTP InternetOpenW+HttpSendRequest. cmd.exe output capture.