Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Four

May 9, 2024, 4:24 p.m.

Description

This analysis examines the REMCOS Remote Access Trojan (RAT), a prominent malware threat that gained significant prevalence in 2024. It covers the malware's configuration structure, command and control capabilities, persistence mechanisms, and evasion techniques, and offers insights into effective detection strategies using Elastic technologies.

Date

Published: May 9, 2024, 3:14 p.m.
Created: May 9, 2024, 3:14 p.m.
Modified: May 9, 2024, 4:24 p.m.

Indicators

Attack Patterns

REMCOS

T1055.001

T1548.002

T1059.005

T1555

T1573

T1218

T1055

T1059