Threat Intelligence – Remcos Trojan Latest IOCs


Remcos is an extensive and powerful remote control tool, sold as a legitimate remote administration product but widely abused as a RAT, which can be used to fully administer one or many computers remotely. Remcos typically infects a system by embedding a specially crafted settings file into an Office document; this lets an attacker trick a user into running malicious code without any further warning or notification.


Credits: Research by ExecuteMalware

Indicators of Compromise

THREAT IDENTIFICATION: REMCOS RAT

SUBJECTS OBSERVED
ACH Remittance Advice-0032421

SENDERS OBSERVED
no [.]reply [.][email protected] [.]com

MALDOC FILE HASHES
Remittance Advice [.]xls
19eeb9f08b76b43bc18ebd0ace1881cd

PAYLOAD URL
http://vendorcreditglobal [.]online/file/hut [.]js
http://vendorcreditglobal [.]online/find/mac [.]jpg

PAYLOAD FILE HASHES
rud [.]js (same file hash as hut [.]js)
a47b7104414e13a0a5f77692da5009dd

mac [.]jpg
90521b33d7e36758b945a49ddaf6a041

InstallUtil [.]exe
bb85aa6d90a4157ed799257072b265ff

REMCOS C2
daemontime [.]myq-see [.]com
https:194 [.]5 [.]98 [.]147:1698
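The indicators above are defanged with "[.]" so they cannot be clicked by accident; to hunt with them they have to be refanged and then compared against proxy, DNS, firewall and EDR telemetry. The script below is an added example (it is not part of this post or of ExecuteMalware's research): it refangs the domains, URLs, IP and MD5 hashes listed above and runs them over a handful of constructed log lines that mimic the chain the IOCs describe (maldoc opened, hut.js fetched, dynamic-DNS C2 resolved, TCP session to port 1698, InstallUtil.exe dropped). The log format and hostnames are made up for illustration; the IOC values are the ones published above.

```python
"""Refang the Remcos IOCs from this post and hunt for them in log lines.

Added example, not part of the original post. The log lines are constructed
for illustration; the indicator values are the ones published in the post.
"""
import re

# Indicators exactly as written on the page (defanged with "[.]").
DEFANGED_DOMAINS = ["vendorcreditglobal [.]online", "daemontime [.]myq-see [.]com"]
DEFANGED_URLS = [
    "http://vendorcreditglobal [.]online/file/hut [.]js",
    "http://vendorcreditglobal [.]online/find/mac [.]jpg",
]
DEFANGED_IPS = ["194 [.]5 [.]98 [.]147"]
MD5_HASHES = {
    "19eeb9f08b76b43bc18ebd0ace1881cd": "Remittance Advice.xls (maldoc)",
    "a47b7104414e13a0a5f77692da5009dd": "hut.js / rud.js (downloader)",
    "90521b33d7e36758b945a49ddaf6a041": "mac.jpg (payload)",
    "bb85aa6d90a4157ed799257072b265ff": "InstallUtil.exe (Remcos loader)",
}

_DEFANG_DOT = re.compile(r"\s*\[\.\]\s*")


def refang(value):
    """Turn 'a [.]b', 'a[.]b' and 'hxxp://' back into a matchable indicator."""
    value = _DEFANG_DOT.sub(".", value.strip())
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)


DOMAINS = [refang(d) for d in DEFANGED_DOMAINS]
URLS = [refang(u) for u in DEFANGED_URLS]
IPS = [refang(i) for i in DEFANGED_IPS]
_MD5_RE = re.compile(r"\b[0-9a-f]{32}\b", re.IGNORECASE)


def match_line(line):
    """Return a list of (indicator_type, indicator) pairs found in one log line."""
    hits = []
    lowered = line.lower()
    for url in URLS:
        if url.lower() in lowered:
            hits.append(("url", url))
    for domain in DOMAINS:
        # Anchor on non-hostname characters so a longer host such as
        # 'notdaemontime.myq-see.com' is not reported as a hit.
        if re.search(r"(?<![\w.-])" + re.escape(domain) + r"(?![\w-])", lowered):
            hits.append(("domain", domain))
    for ip in IPS:
        # Same idea for IPs: '194.5.98.147' must not match inside '1194.5.98.1470'.
        if re.search(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])", line):
            hits.append(("ip", ip))
    for digest in _MD5_RE.findall(line):
        if digest.lower() in MD5_HASHES:
            hits.append(("md5", digest.lower()))
    return hits


# Constructed sample telemetry (hypothetical format, hosts and timestamps).
SAMPLE_LOGS = [
    # proxy: first stage fetched after the .xls was opened
    "2021-03-24T10:02:11Z proxy src=10.1.4.22 method=GET url=http://vendorcreditglobal.online/file/hut.js status=200",
    # DNS: dynamic-DNS C2 name resolved to the listed address
    "2021-03-24T10:02:40Z dns src=10.1.4.22 query=daemontime.myq-see.com answer=194.5.98.147",
    # firewall: outbound session to the C2 port listed above
    "2021-03-24T10:02:41Z fw action=allow src=10.1.4.22 dst=194.5.98.147 dport=1698 proto=tcp",
    # EDR: dropped loader with a known-bad MD5 (hash case differs from the post)
    "2021-03-24T10:02:39Z edr host=WS022 event=FileCreate path=C:\\Users\\bob\\AppData\\Local\\Temp\\InstallUtil.exe md5=BB85AA6D90A4157ED799257072B265FF",
    # benign traffic that must not match
    "2021-03-24T10:03:00Z proxy src=10.1.4.23 method=GET url=https://www.example.com/ status=200",
]


def hunt(lines=SAMPLE_LOGS):
    """Map line index -> hits for every line carrying at least one indicator."""
    return {i: h for i, line in enumerate(lines) if (h := match_line(line))}


if __name__ == "__main__":
    for idx, hits in hunt().items():
        print(idx, hits)
```

Feed real telemetry through `hunt()` line by line; the hash comparison is case-insensitive and the domain and IP matches are anchored so that substrings of longer hostnames or addresses are not reported. Dynamic-DNS C2 names like the one listed above can be re-pointed at will, so treat the IP match as weaker evidence than the domain and hash matches when triaging.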


Balaganesh is an Incident Responder, Certified Ethical Hacker, Penetration Tester, Security blogger, and Founder & Author of Soc Investigation.
