Severity
High
Analysis Summary
Remcos is a Remote Administration Tool (RAT) targeting Windows systems. Backdoor.Remcos can arrive as a malicious email attachment or be downloaded by other malware. It is marketed as legitimate software by the Germany-based firm Breaking Security for remotely managing Windows systems, but it is now widely used in multiple malicious campaigns by threat actors. Remcos is a sophisticated remote access Trojan that can be used to fully control and monitor any Windows computer from XP onwards.
Impact
- Victim's machine information (OS version, computer name, system type, product name, primary adapter).
- User information (user access, user profile, user name, user domain).
- Processor information (processor revision number, processor level, processor identifier, processor architecture).
Indicators of Compromise
MD5
- 589bc5a4d262da1e236e1365d351ada8
- c8be6fb94bb61f863bfd70a88878cf46
- 30dcecd1717926af1a3ece326d5a3f77
- b414012e749cc84339ac901e5e4a04c9
SHA-256
- 9b91ccd7158599ea4cb5e71315d9e4ed38e326910e5a896caf7ed2cf8ed87016
- 6f73debb4f1abd679439a801b655704b6892a4347c8384dc80be1004af79e51c
- a95d4bd25849a4e0a3ce3ba51c98b3c713bcb7afafdabdb2de8c77653cae0d47
- df2b517d9777fb1b734d1f25e7eac6f5217988596427086c7821a272f1fd9abb
SHA1
- 0ed176a244e6dd85c455aef5f7d44e12fa1c27a8
- 0064bbdd32ec536c861cbf528baf7a5925fd3335
- c7fc084d2b6016f8b6a230687f8d12c7ced71572
- eafaa45db1ddd165a14d94a9c36d46c9b61d926d
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
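The following script is an added example of the second remediation step, not Rewterz's own tooling: it hashes every file under a directory with MD5, SHA1 and SHA-256 in a single read and reports any file whose digest appears in the alert's indicator list. The hash values are copied from the "Indicators of Compromise" section above; the directory to scan is a command-line argument chosen by the operator. Hash indicators only match byte-identical samples, so a clean result from this scan rules out these specific files, not the presence of Remcos in general.

```python
import hashlib
import sys
from pathlib import Path

# Hashes listed in the alert above, normalised to lowercase hex.
IOC_HASHES = {
    "md5": {
        "589bc5a4d262da1e236e1365d351ada8",
        "c8be6fb94bb61f863bfd70a88878cf46",
        "30dcecd1717926af1a3ece326d5a3f77",
        "b414012e749cc84339ac901e5e4a04c9",
    },
    "sha1": {
        "0ed176a244e6dd85c455aef5f7d44e12fa1c27a8",
        "0064bbdd32ec536c861cbf528baf7a5925fd3335",
        "c7fc084d2b6016f8b6a230687f8d12c7ced71572",
        "eafaa45db1ddd165a14d94a9c36d46c9b61d926d",
    },
    "sha256": {
        "9b91ccd7158599ea4cb5e71315d9e4ed38e326910e5a896caf7ed2cf8ed87016",
        "6f73debb4f1abd679439a801b655704b6892a4347c8384dc80be1004af79e51c",
        "a95d4bd25849a4e0a3ce3ba51c98b3c713bcb7afafdabdb2de8c77653cae0d47",
        "df2b517d9777fb1b734d1f25e7eac6f5217988596427086c7821a272f1fd9abb",
    },
}

CHUNK_SIZE = 1024 * 1024  # read files in 1 MiB pieces so large binaries do not load into memory


def hash_bytes(data: bytes) -> dict:
    """Compute all three IoC digests of an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def hash_file(path: Path) -> dict:
    """Read the file once and feed every chunk to MD5, SHA1 and SHA-256 together."""
    digests = {name: hashlib.new(name) for name in IOC_HASHES}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def match_iocs(digests: dict) -> list:
    """Return (algorithm, hash) pairs from `digests` that appear in the IoC set.

    Comparison is case-insensitive because feeds publish hashes in mixed case.
    """
    hits = []
    for algo, value in digests.items():
        normalised = value.lower()
        if normalised in IOC_HASHES.get(algo, set()):
            hits.append((algo, normalised))
    return hits


def scan_tree(root: Path) -> list:
    """Walk a directory and report every file whose digest matches an indicator."""
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        try:
            hits = match_iocs(hash_file(path))
        except OSError:
            # Unreadable files are skipped; they are not known to be clean.
            continue
        for algo, value in hits:
            findings.append((str(path), algo, value))
    return findings


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for file_path, algo, value in scan_tree(target):
        print(f"IOC MATCH {algo}={value} {file_path}")
```

Run it as `python scan_iocs.py /path/to/scan`; an empty output means none of the scanned files match the four samples listed in the alert. Matching on all three algorithms at once makes the script usable with feeds that publish only one hash type, while still surfacing a hit under whichever algorithm the indicator was given in.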