April 27, 2023
Severity
Medium
Analysis Summary
Remcos malware has been active since 2016. This RAT was originally marketed as legitimate software for remotely controlling Microsoft Windows systems from XP onwards, and it is frequently seen in phishing campaigns because of its ability to fully compromise an infected machine. Remcos targets Windows systems and gives the attacker complete control over the machine. It is commonly distributed through malicious documents or archive files that contain scripts or executables. Like other RATs, Remcos grants the threat actor full access to infected PCs, allowing them to record keystrokes, passwords, and other sensitive information. Remcos incorporates various obfuscation and anti-debugging techniques to evade detection, and regular feature updates by its authors make it a challenging adversary.
Impact
- Information Commands
- Backdoor Theft
- Credential Theft
- User Information Theft
Indicators of Compromise
MD5
- 5db00fb6ffdb44187b95918cb69ce6b4
- 8fc2e883931e5b10652a053fd52c372a
- 63ff6778c5c8a912fb941711b6f16098
SHA-256
- 2416e5bfdf5fc88f9d7ceaf117cd1173370b357b8d4b5070f81f0df7a0253075
- 23900cecd289350547647157100876e2f0cd92fac6a8f4354a5bdd8e2d3dea3b
- 3d8c5e687b07498d4d54ea626b44cf229198c0b8a4c9694c56ee9708b04929c7
SHA-1
- ba3a4c7b0e2de310a71d43020889296a97fbb9d4
- 0107d0425be941af467a7ce7f560d9e6177764f2
- 3c0e244c48cf1068f910b3c71c39eefbeb57bd4a
Remediation
- Block all threat indicators at your respective controls, and search for the indicators of compromise (IOCs) listed above in your environment using your respective security controls.
- Enabling two-factor authentication (2FA) on your accounts adds an extra layer of security and can help prevent unauthorized access even if your login credentials have been stolen.
- Regularly backing up your important data helps ensure that you do not lose critical information in the event of a malware infection or other data loss event.
- Be wary of emails, attachments, and links from unknown sources. Also, avoid downloading software from untrusted sources or clicking on suspicious ads or pop-ups.
- Make sure all of your software, including your operating system and applications, is up to date with the latest security patches. This can help close vulnerabilities that could be exploited by Remcos and other types of malware.
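One way to act on the first remediation item, as an added example that is not part of the Rewterz alert: a small Python sweep that hashes every file under a directory you choose (the scan root is an assumption) and reports any file whose MD5, SHA-1 or SHA-256 matches the IOC hashes listed above.

```python
import hashlib
import io
from pathlib import Path

# IOC hashes copied from the alert above (lowercase hex).
IOC_MD5 = {"5db00fb6ffdb44187b95918cb69ce6b4", "8fc2e883931e5b10652a053fd52c372a",
           "63ff6778c5c8a912fb941711b6f16098"}
IOC_SHA1 = {"ba3a4c7b0e2de310a71d43020889296a97fbb9d4", "0107d0425be941af467a7ce7f560d9e6177764f2",
            "3c0e244c48cf1068f910b3c71c39eefbeb57bd4a"}
IOC_SHA256 = {"2416e5bfdf5fc88f9d7ceaf117cd1173370b357b8d4b5070f81f0df7a0253075",
              "23900cecd289350547647157100876e2f0cd92fac6a8f4354a5bdd8e2d3dea3b",
              "3d8c5e687b07498d4d54ea626b44cf229198c0b8a4c9694c56ee9708b04929c7"}

def digest_stream(stream, chunk_size=1 << 20):
    # One pass over the file computes all three digests the alert lists.
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        md5.update(chunk)
        sha1.update(chunk)
        sha256.update(chunk)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()

def digest_bytes(data):
    # Same digests for in-memory content (handy for constructed test samples).
    return digest_stream(io.BytesIO(data))

def match_iocs(md5, sha1, sha256):
    # Names of the IOC lists the digests appear in; [] means no match.
    hits = []
    for name, digest, iocs in (("md5", md5, IOC_MD5), ("sha1", sha1, IOC_SHA1),
                               ("sha256", sha256, IOC_SHA256)):
        if digest.lower() in iocs:
            hits.append(name)
    return hits

def scan_tree(root):
    # Hash every regular file under root (assumed scan directory); returns {path: [matched lists]}.
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        try:
            with path.open("rb") as fh:
                hits = match_iocs(*digest_stream(fh))
        except OSError:
            continue  # unreadable or vanished file: skip it, keep scanning
        if hits:
            findings[str(path)] = hits
    return findings
```

Call `scan_tree("/path/to/check")` and treat any non-empty result as a confirmed IOC hit worth isolating and investigating.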