Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Four
May 9, 2024, 4:24 p.m.
Description
This analysis examines the REMCOS Remote Access Trojan (RAT), one of the most prevalent malware families of 2024. It covers the malware's configuration structure, command-and-control capabilities, persistence mechanisms and evasion techniques, and describes detection strategies built on Elastic technologies.
Date
Published: May 9, 2024, 3:14 p.m.
Created: May 9, 2024, 3:14 p.m.
Modified: May 9, 2024, 4:24 p.m.
Indicators
ba6ee802d60277f655b3c8d0215a2abd73d901a34e3c97741bc377199e3a8670
b1a149e11e9c85dd70056d62b98b369f0776e11b1983aed28c78c7d5189cfdbf
95dfdb588c7018babd55642c48f6bed1c281cecccbd522dd40b8bea663686f30
8c9202885700b55d73f2a76fbf96c1b8590d28b061efbadf9826cdd0e51b9f26
517f65402d3cf185037b858a5cfe274ca30090550caa39e7a3b75be24e18e179
3e32447ea3b5f07c7f6a180269f5443378acb32c5d0e0bf01a5e39264f691587
0af76f2897158bf752b5ee258053215a6de198e8910458c02282c2d4d284add5
77.105.132.70
185.70.104.90
104.250.180.178
43.230.202.33
122.176.133.66
107.175.229.139
http://remchukwugixiemu4.duckdns.org:57846
http://remchukwugixiemu4.duckdns.org:57844
http://remchukwugix231fgh.duckdns.org:57846
http://remchukwugix231fgh.duckdns.org:57844
http://money001.duckdns.org:9596
http://77.105.132.70:8080
http://77.105.132.70:80
http://77.105.132.70:465
http://77.105.132.70:2404
http://43.230.202.33:7056
http://185.70.104.90:8080
http://185.70.104.90:80
http://185.70.104.90:465
http://185.70.104.90:2404
http://122.176.133.66:2667
http://122.176.133.66:2404
http://107.175.229.139:8087
http://104.250.180.178:7902
remchukwugixiemu4.duckdns.org
remchukwugix231fgh.duckdns.org
money001.duckdns.org
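The indicators above mix four kinds of observable: SHA-256 file hashes, C2 IPv4 addresses, host:port URLs and dynamic-DNS hostnames. The following Python is an added example, not code from this page or from Elastic's REMCOS analysis. It buckets the indicators by type and then scans a few constructed log lines for them, reporting an exact host:port match as an endpoint hit and a listed C2 address seen on an unlisted port as a weaker IP hit. It assumes the `http://` entries are how the listing records C2 host:port pairs rather than evidence that the traffic is HTTP, and it matches hostnames exactly because `duckdns.org` itself is a legitimate service. The `INDICATORS` list is a subset of the page's list; the log lines and the key=value log format are constructed for the example.

```python
"""Classify the REMCOS indicators listed above and scan log lines for them."""
import ipaddress
import re
from urllib.parse import urlsplit

# Subset of the indicators from the listing above; paste the full list in to use it.
INDICATORS = [
    "ba6ee802d60277f655b3c8d0215a2abd73d901a34e3c97741bc377199e3a8670",
    "b1a149e11e9c85dd70056d62b98b369f0776e11b1983aed28c78c7d5189cfdbf",
    "77.105.132.70",
    "185.70.104.90",
    "http://remchukwugixiemu4.duckdns.org:57846",
    "http://remchukwugixiemu4.duckdns.org:57844",
    "http://77.105.132.70:8080",
    "http://185.70.104.90:2404",
    "remchukwugixiemu4.duckdns.org",
    "money001.duckdns.org",
]

SHA256_RE = re.compile(r"[0-9a-f]{64}")
# Tokens worth checking: hex digests, hostnames and IPv4 addresses, optionally with :port.
# (IPv6 literals are not handled; the colon split below would mangle them.)
TOKEN_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.\-]*(?::\d{1,5})?")


def classify(indicators):
    """Bucket raw indicator strings into typed sets.

    Assumption (not stated on the page): the http:// entries denote host:port
    C2 endpoints, so only hostname and port are kept from them.
    """
    ioc = {"sha256": set(), "ip": set(), "domain": set(), "endpoint": set()}
    for raw in indicators:
        value = raw.strip().lower()
        if "://" in value:
            parts = urlsplit(value)
            if parts.hostname and parts.port:
                ioc["endpoint"].add((parts.hostname, parts.port))
            continue
        if SHA256_RE.fullmatch(value):
            ioc["sha256"].add(value)
            continue
        try:
            ipaddress.ip_address(value)
            ioc["ip"].add(value)
        except ValueError:
            ioc["domain"].add(value)
    return ioc


def _split_host_port(token):
    """Split 'host:1234' into ('host', 1234); anything else gets port None."""
    host, sep, port = token.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return token, None


def scan(lines, ioc):
    """Return (line_number, indicator_type, value) for every hit in the log lines."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for token in TOKEN_RE.findall(line):
            token = token.lower()  # hashes and hostnames are case-insensitive
            if token in ioc["sha256"]:
                hits.append((lineno, "sha256", token))
                continue
            host, port = _split_host_port(token)
            if port is not None and (host, port) in ioc["endpoint"]:
                hits.append((lineno, "endpoint", f"{host}:{port}"))
            elif host in ioc["ip"]:
                # Known C2 address on an unlisted port: weaker signal, still reported.
                hits.append((lineno, "ip", host))
            elif host in ioc["domain"]:
                # Exact hostname match only; the parent duckdns.org is legitimate.
                hits.append((lineno, "domain", host))
    return hits


# Constructed sample log lines (not from the page) in a simple key=value format.
LOG_LINES = [
    "2024-05-09T10:01:02Z dns client=10.0.0.15 query=remchukwugixiemu4.duckdns.org type=A",
    "2024-05-09T10:01:03Z conn src=10.0.0.15 dst=77.105.132.70:8080 proto=tcp",
    "2024-05-09T10:01:05Z conn src=10.0.0.15 dst=77.105.132.70:443 proto=tcp",
    "2024-05-09T10:02:00Z file host=WS01 sha256=BA6EE802D60277F655B3C8D0215A2ABD73D901A34E3C97741BC377199E3A8670",
    "2024-05-09T10:03:00Z dns client=10.0.0.22 query=www.duckdns.org type=A",
    "2024-05-09T10:04:00Z conn src=10.0.0.22 dst=8.8.8.8:53 proto=udp",
]


def run():
    """Scan the constructed log lines against the classified indicators."""
    return scan(LOG_LINES, classify(INDICATORS))


if __name__ == "__main__":
    for hit in run():
        print(hit)
```

Lines 1 to 4 of the sample produce one hit each (domain, endpoint, IP on an unlisted port, hash); the `www.duckdns.org` lookup and the DNS connection on line 5 and 6 produce none. When scaling this up, the hostname and IP sets should be fed from a blocklist feed rather than a pasted list, and the IP-only hit should be routed to a lower-severity queue than the exact endpoint and hash hits.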
Attack Patterns
REMCOS
T1055.001 Process Injection: Dynamic-link Library Injection
T1548.002 Abuse Elevation Control Mechanism: Bypass User Account Control
T1059.005 Command and Scripting Interpreter: Visual Basic
T1555 Credentials from Password Stores
T1573 Encrypted Channel
T1218 System Binary Proxy Execution
T1055 Process Injection
T1059 Command and Scripting Interpreter