New Remcos Variant Exploits ISO Images to Gain Remote Control of Devices

Explore a new Remcos variant that uses an ISO image to create a backdoor for remote control of compromised devices.

Friday, 18 October, 2024

What is Remcos?

Remcos, short for Remote Control and Surveillance, is a legitimate tool primarily used by Red Teams for ethical hacking and penetration testing. Its comprehensive features enable users to remotely control and monitor systems, providing valuable insights during security assessments. However, the powerful capabilities of Remcos have also attracted the attention of malware authors. These cybercriminals repurpose the tool for malicious activities, exploiting its functionalities to compromise systems.

Typically classified as a Remote Access Trojan (RAT), Remcos is a type of malware that allows attackers to gain unauthorized access to infected systems. Once installed, it provides a backdoor, enabling remote control over the compromised device. This includes capabilities such as keystroke logging, screen capturing, file manipulation, and command execution.

File Details:

Hash    : 0546b035a94953d33a5c6d04bdc9521b49b2a98a51d38481b1f35667f5449326
Filename: SKU_0001710-1-2024-SX-3762.iso
FileType: ISO Image
Magic   : ISO 9660 CD-ROM filesystem data 'SKU_0001710-1-2024-SX-3762'
Size    : 66.00 KB (67584 bytes)
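The file details above describe the initial-access artefact: an ISO 9660 image delivered as an attachment. The following triage helper is an added example, not code from the original post; it identifies an ISO image by its primary volume descriptor (the same check behind the `file` magic line), extracts the volume label, and compares the SHA-256 against the post's IoC. The `build_sample_iso` function constructs a minimal image so the script runs offline; its hash does not match the real sample, and the function and field names are this example's own.

```python
# Added triage helper (not part of the original post): detect ISO 9660 images
# arriving as attachments, read their volume label, and match known-bad hashes.
import hashlib
from typing import Optional

# IoC taken from the post: SHA-256 of the malicious ISO attachment.
KNOWN_BAD_SHA256 = {
    "0546b035a94953d33a5c6d04bdc9521b49b2a98a51d38481b1f35667f5449326",
}

SECTOR = 2048
PVD_OFFSET = 16 * SECTOR       # ISO 9660 volume descriptors start at sector 16
PVD_MAGIC = b"\x01CD001"       # type 1 (primary) followed by the "CD001" identifier


def parse_iso9660(data: bytes) -> Optional[dict]:
    """Return {'volume_id': ...} if data carries a primary volume descriptor, else None."""
    if len(data) < PVD_OFFSET + SECTOR:
        return None
    pvd = data[PVD_OFFSET:PVD_OFFSET + SECTOR]
    if pvd[:6] != PVD_MAGIC:
        return None
    # Volume identifier: 32-byte, space-padded field at bytes 40..71 of the PVD.
    volume_id = pvd[40:72].decode("ascii", errors="replace").rstrip()
    return {"volume_id": volume_id}


def triage_attachment(filename: str, data: bytes) -> dict:
    """Classify an attachment the way a mail-gateway or SOC script might (hypothetical helper)."""
    sha256 = hashlib.sha256(data).hexdigest()
    iso = parse_iso9660(data)
    reasons = []
    if sha256 in KNOWN_BAD_SHA256:
        reasons.append("sha256 matches known Remcos ISO IoC")
    if iso is not None:
        reasons.append(f"ISO 9660 image (volume '{iso['volume_id']}') delivered as attachment")
    if filename.lower().endswith(".iso") and iso is None:
        reasons.append(".iso extension but no ISO 9660 volume descriptor")
    return {
        "sha256": sha256,
        "is_iso": iso is not None,
        "volume_id": iso["volume_id"] if iso else None,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


def build_sample_iso(volume_id: str) -> bytes:
    """Constructed sample: a minimal ISO 9660 image holding only a PVD, for offline testing."""
    pvd = bytearray(SECTOR)
    pvd[:6] = PVD_MAGIC
    pvd[6] = 1                                   # descriptor version
    pvd[40:72] = volume_id.encode("ascii").ljust(32)   # space-padded label
    return bytes(PVD_OFFSET) + bytes(pvd)


if __name__ == "__main__":
    # Constructed input using the volume label reported in the post's magic line.
    sample = build_sample_iso("SKU_0001710-1-2024-SX-3762")
    print(triage_attachment("SKU_0001710-1-2024-SX-3762.iso", sample))
```

Flagging every ISO attachment, not only the known hash, is the point: the hash catches this one sample, while the volume-descriptor check catches the delivery technique regardless of which payload is inside the image.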

Captured HTTP Packet:

MITRE ATT&CK MATRIX:

Tactic                 Techniques

Initial Access       - Phishing Attachment (.ISO)
Execution            - Native API
                       Command and Scripting Interpreter
                       Exploitation for Client Execution
                       PowerShell
Persistence          - Scripting (.PS1)
                       Windows Service
                       Browser Extensions
Privilege Escalation - Process Injection
                       DLL Side-Loading
                       Bypass User Account Control
                       Access Token Manipulation
Defense Evasion      - Obfuscated Files or Information (Encryption)
                       Deobfuscate/Decode Files or Information (Base64 Encoding)
                       Disable or Modify Tools
                       Masquerading
                       Virtualization/Sandbox Evasion
Discovery            - Virtualization/Sandbox Evasion
                       Security Software Discovery
                       Application Window Discovery
                       File and Directory Discovery
Collection           - Archive Collected Data
                       Email Collection
                       Clipboard Data
Command & Control    - Encrypted Channel
                       Non-Application Layer Protocol
                       Application Layer Protocol
                       Ingress Tool Transfer

Happy Hunting !!