Rescoms

Malware updated a month ago (2024-11-29T13:59:20.318Z)
Download STIX
Preview STIX
Rescoms, also known as Remcos, is a remote access trojan (RAT) malware designed to exploit and damage computer systems by stealing sensitive information. It was primarily used in significant phishing campaigns across Central and Eastern Europe during the second half of 2023. These campaigns utilized typosquatting, a popular technique that involves the use of misspelled URLs to mislead users. The Rescoms executable was delivered to potential victims, protected by AceCryptor, with the primary objectives being credential theft and initial access to company networks. In May 2024, a new phishing campaign was carried out in Poland, which saw a shift in the malware delivery method. Attackers switched from using AceCryptor to ModiLoader for delivering malware. Three different malware families were deployed via ModiLoader: Rescoms, Agent Tesla, and Formbook. These malware families were used as final payloads, indicating a strategic evolution in the attackers' approach to be more successful in their illicit activities. Additionally, threat actors have used Rugmi, a tool containing a downloader for the encrypted payload and two other loaders, to distribute various information-stealing malware. This includes Vidar, RecordBreaker or Raccoon Stealer V2, Lumma Stealer or LummaC2, and Rescoms, according to a report from ESET Research. Despite the change in delivery methods and the inclusion of new malware families, Rescoms remains a prevalent threat due to its ability to steal sensitive information and gain control over infected systems.
Description last updated: 2024-08-14T09:34:57.959Z
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Payload
Phishing
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Formbook Malware is associated with Rescoms. Formbook is a type of malware, malicious software designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Formbook has been linked with other forms oUnspecified
2
The Acecryptor Malware is associated with Rescoms. AceCryptor is a malicious software (malware) that has been used extensively in phishing campaigns to protect and deliver other malware. In the second half of 2023, AceCryptor was notably employed to package Rescoms malware for distribution across Central and Eastern Europe, with the aim of stealing Unspecified
2
Source Document References
Information about the Rescoms Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more