RAT Distributed as UUEncoding (UUE) File

June 11, 2024, 10:31 a.m.

Description

This intelligence report describes a malicious operation in which the Remcos Remote Access Trojan (RAT) is distributed through phishing emails carrying an attachment encoded with Unix-to-Unix Encoding (UUE). The encoded file loads an obfuscated VBScript that fetches additional malicious components, leading to the deployment of the Remcos RAT on compromised systems. The report outlines the multi-stage infection process and provides technical details and indicators of compromise (IOCs) related to this campaign.

Date

  • Created: June 11, 2024, 10:11 a.m.
  • Published: June 11, 2024, 10:11 a.m.
  • Modified: June 11, 2024, 10:31 a.m.

Indicators

  • 194.59.30.90
  • frabyst44habvous2.duckdns.org
  • frabyst44habvous1.duckdns.org

Attack Patterns

  • Remcos
  • T1059.005
  • T1059.001
  • T1059.007
  • T1562.001
  • T1057
  • T1105
  • T1204
  • T1056
  • T1195
  • T1059