Distribution of Remcos RAT Disguised as Payslip Posted By ohmintaek , October 30, 2023 AhnLab Security Emergency response Center (ASEC) has discovered circumstances of the Remcos remote control malware being distributed through an email disguised as a payslip. As shown in Figure 1, the identified Remcos RAT was distributed under an email subject that read ‘This is a confirmation document for your payment transfer’, deceiving the readers. The attached compressed cab file contains an EXE file (Remcos RAT) disguised with a PDF file icon as shown in Figure 2. Figure 1. Phishing email Figure…
GuLoader Malware Disguised as Tax Invoices and Shipping Statements (Detected by MDS Products) Posted By AhnLab_en , August 10, 2023 AhnLab Security Emergency response Center (ASEC) has identified circumstances of GuLoader being distributed as attachments in emails disguised with tax invoices and shipping statements. The recently identified GuLoader variant was included in a RAR (Roshal Archive Compressed) compressed file. When a user executes GuLoader, it ultimately downloads known malware strains such as Remcos, AgentTesla, and Vidar. AhnLab’s MDS products provide a Mail Transfer Agent (MTA) feature to block malware distributed via email. Figure 3 below shows the GuLoader malware detection…
Fileless Remcos RAT Malware Delivery Posted By jcleebobgatenet , July 29, 2021 The ASEC analysis team identified that Remcos RAT malware is being distributed through malicious macros in Excel files. As for the malware, the team introduced it in detail in the post linked below this text. While the method of coming into the system through spam mails is the same as before, it should be noted that the Remcos RAT malware is ultimately delivered filelessly after going through multiple loader stages. In summary, the overall operation method is as follows: The attacker attaches…
