RemcosRAT Distributed Using Steganography

Published 08/05/2024 11:03 · Modified 08/05/2024 17:22

Essential information

Tags
2024-05-03 2024-05-04 2024-05-05 2024-05-06 2024-05-07 2024-05-08 malicious-documents obfuscation process-hollowing remcosrat steganography
Related entities
4 observables, 13 techniques (mitre), 1 malware

Description

Security researchers have discovered a campaign distributing RemcosRAT through a sophisticated infection chain involving steganography techniques. The attack starts with a malicious Word document that uses template injection, leading to the download of an RTF file that leverages an equation editor vulnerability. Obfuscated scripts are then fetched, and RemcosRAT is ultimately executed via process hollowing to evade detection. This intricate operation highlights the evolving tactics threat actors use to distribute malware.

External references