From Spam to AsyncRAT: Tracking the Surge in Non-PE Cyber Threats

ID: d02c33e2-de8a-5a5a-b0ec-14c98041e74f

STIX ID: report--d02c33e2-de8a-5a5a-b0ec-14c98041e74f

Feed Name: McAfee Labs Blog

Threat Score: 70/100

Date Published: 2024-05-08

Date Updated: 2026-04-28

Author: McAfee Labs

McAfee Labs analyzes an AsyncRAT campaign in which a spam-delivered HTML file fetches a WSF that stages multiple scripts (VBS/JS/BAT/PS1). The chain drops and extracts a ZIP of dropper files, installs a scheduled task named "cafee" that runs app.js for persistence, decodes and loads PE payloads (a DLL and an EXE), performs process injection into aspnet_compiler.exe, and establishes C2 communications. The report provides detailed IOCs (SHA256 hashes and C2 URLs) and mitigation recommendations.