Remcos is an extensive and powerful Remote Control tool, which can be used to fully administrate one or many computers, remotely. Remcos typically infects a system by embedding a specially-crafted settings file into an Office document; this allows an attacker to trick a user into running malicious code without any further warning or notification.
Credits: Research by ExecuteMalware
Indicators of Compromise
THREAT IDENTIFICATION: REMCOS RAT
SUBJECTS OBSERVED
ACH Remittance Advice-0032421
SENDERS OBSERVED
no [.]reply [.]payables@urny-katten [.]com
MALDOC FILE HASHES
Remittance Advice [.]xls
19eeb9f08b76b43bc18ebd0ace1881cd
PAYLOAD URL
http://vendorcreditglobal [.]online/file/hut [.]js
http://vendorcreditglobal [.]online/find/mac [.]jpg
PAYLOAD FILE HASHES
Same file hash as hut [.]js
rud [.]js
a47b7104414e13a0a5f77692da5009dd
mac [.]jpg
90521b33d7e36758b945a49ddaf6a041
InstallUtil [.]exe
bb85aa6d90a4157ed799257072b265ff
REMCOS C2
daemontime [.]myq-see [.]com
https:194 [.]5 [.]98 [.]147:1698
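The indicators above are published in defanged form (" [.]" in place of "."), so they cannot be pasted straight into a log search. The following script is an added example, not part of ExecuteMalware's research or the original page: it refangs the listed IoCs, builds a lookup per indicator type, and scans log lines for exact matches on URLs, hostnames, sender addresses, IP addresses and MD5 hashes. The hostnames vendorcreditglobal.online and urny-katten.com are derived from the payload URLs and sender address above; the log lines are constructed samples in a made-up format, not real telemetry.

```python
import re

# Indicators copied from the page above, kept in its " [.]" defanged form.
# "vendorcreditglobal.online" and "urny-katten.com" are derived from the
# payload URL and sender address on the page.
DEFANGED_IOCS = {
    "sender": ["no [.]reply [.]payables@urny-katten [.]com"],
    "url": [
        "http://vendorcreditglobal [.]online/file/hut [.]js",
        "http://vendorcreditglobal [.]online/find/mac [.]jpg",
    ],
    "md5": [
        "19eeb9f08b76b43bc18ebd0ace1881cd",  # Remittance Advice.xls
        "a47b7104414e13a0a5f77692da5009dd",  # rud.js / hut.js
        "90521b33d7e36758b945a49ddaf6a041",  # mac.jpg
        "bb85aa6d90a4157ed799257072b265ff",  # InstallUtil.exe
    ],
    "host": [
        "daemontime [.]myq-see [.]com",
        "vendorcreditglobal [.]online",
        "urny-katten [.]com",
    ],
    "ip": ["194 [.]5 [.]98 [.]147"],
}

# Token extractors, one per indicator type; keys match DEFANGED_IOCS.
TOKEN_PATTERNS = {
    "sender": re.compile(r"[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}"),
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "md5": re.compile(r"\b[0-9a-f]{32}\b"),
    "host": re.compile(r"(?<![\w.-])(?:[a-z0-9-]+\.)+[a-z]{2,}(?![\w-])"),
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}


def refang(value: str) -> str:
    """Turn the page's ' [.]' defanging back into real dots."""
    return re.sub(r"\s*\[\.\]\s*", ".", value)


def build_index(defanged=DEFANGED_IOCS):
    """Refang and lower-case every indicator into a set per type."""
    return {kind: {refang(v).lower() for v in values} for kind, values in defanged.items()}


def scan_lines(lines, index=None):
    """Return (line_number, kind, indicator) for every exact IoC hit."""
    index = index or build_index()
    hits = []
    for lineno, line in enumerate(lines, 1):
        low = line.lower()
        for kind, pattern in TOKEN_PATTERNS.items():
            for match in pattern.finditer(low):
                token = match.group(0).rstrip(".,;)")
                if token in index[kind]:
                    hits.append((lineno, kind, token))
    return hits


def matched_line_numbers(hits):
    """Distinct line numbers that carried at least one indicator."""
    return sorted({lineno for lineno, _, _ in hits})


# Constructed sample log lines in a made-up key=value format.
SAMPLE_LOGS = [
    '10:12:01 proxy src=10.0.0.15 method=GET url="http://vendorcreditglobal.online/file/hut.js" status=200',
    "10:12:09 dns client=10.0.0.15 query=daemontime.myq-see.com type=A",
    "10:12:10 fw action=allow proto=tcp src=10.0.0.15 dst=194.5.98.147 dport=1698",
    "10:13:42 edr host=WS015 event=file_create path=C:\\Users\\jdoe\\AppData\\Local\\Temp\\rud.js md5=a47b7104414e13a0a5f77692da5009dd",
    '10:00:00 mail from=no.reply.payables@urny-katten.com subject="ACH Remittance Advice-0032421" attachment="Remittance Advice.xls"',
    '10:15:00 proxy src=10.0.0.22 method=GET url="https://example.com/index.html" status=200',
]

if __name__ == "__main__":
    for lineno, kind, token in scan_lines(SAMPLE_LOGS):
        print(f"line {lineno}: {kind} match on {token}")
```

Matching is exact on extracted tokens rather than plain substring search, so a hostname like daemontime.myq-see.com.example would not fire the host indicator; a proxy line can produce both a url and a host hit, which is intended, since the host set also catches requests for paths not listed on the page.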