Unknown TTPs of Remcos RAT
Malware Analysis, News and Indicators - Latest topics malware.news
Typically spread through malicious attachments, drive-by downloads, or social engineering, Remcos RAT has been active since 2016. Initially presented by BreakingSecurity, a European company, as a legitimate remote control tool, it has since been exploited by threat actors for nefarious purposes, despite claims of restricted access for lawful use.
While analyzing a few samples from VirusTotal, we found one interesting sample: a .vhd file. Let's look at how the threat actors crafted the VHD (Virtual Hard Disk).
After …