Analysis of Async RAT Malware Infection through Network Communication Using Wireshark
Keywords:
malware, Wireshark, Command and Control, network infection, Indicators of Compromise, Async RAT

Abstract
This study investigates the infection process of the Async Remote Access Trojan (Async RAT) and demonstrates how its malicious activity can be identified through network traffic analysis using Wireshark. Async RAT is a remote access malware that enables adversaries to gain complete control over compromised systems. The case study utilizes PCAP files and infection artifacts obtained from malware-traffic-analysis.net to reconstruct the infection chain, beginning with the execution of a suspicious ISO file containing a WSF script and culminating in the malware’s communication with Command and Control (C2) servers. The findings reveal that Async RAT employs both HTTP and HTTPS protocols to retrieve payloads and maintain interaction with remote servers. Furthermore, Indicators of Compromise (IoCs)—including domains, IP addresses, and file hashes—were identified and validated to provide insight into the attack vector. This research contributes to the broader understanding of malware infection patterns and supports the development of effective detection and mitigation strategies in cybersecurity practice.
License
Copyright (c) 2025 International Journal of Cyber Engineering

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
