Rescoms

Malware updated 3 months ago (2024-08-14T10:17:40.363Z)
Rescoms, also known as Remcos, is a remote access trojan (RAT) that gives an attacker control over an infected system and is used to steal sensitive information. During the second half of 2023 it was the main payload of large phishing campaigns across Central and Eastern Europe. These campaigns relied on typosquatting, the use of misspelled domain names that imitate legitimate ones to mislead users. The Rescoms executable was delivered to victims protected by the AceCryptor packer, with credential theft and initial access to company networks as the primary objectives.

In May 2024 a new phishing campaign in Poland marked a shift in delivery method: the attackers replaced AceCryptor with ModiLoader. Three malware families were deployed as final payloads via ModiLoader: Rescoms, Agent Tesla, and Formbook. The change of loader and the wider set of payloads indicate that the attackers adapted their tooling to improve their success rate.

Separately, according to ESET Research, threat actors have used Rugmi, a loader consisting of a downloader for an encrypted payload and two further loaders, to distribute information-stealing malware including Vidar, RecordBreaker (also known as Raccoon Stealer V2), Lumma Stealer (also known as LummaC2), and Rescoms. Despite the changes in delivery methods and the additional malware families involved, Rescoms remains a prevalent threat because of its ability to steal sensitive information and take control of infected systems.
Description last updated: 2024-08-14T09:34:57.959Z
Miscellaneous Associations (other elements of context that could aid in identifying relevance): Malware, Payload, Phishing
Associated Malware
Formbook (association type: Unspecified; votes: 2)
The Formbook Malware is associated with Rescoms. Formbook is a type of malware, malicious software designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Formbook has been linked with other forms o

AceCryptor (association type: Unspecified; votes: 2)
The Acecryptor Malware is associated with Rescoms. AceCryptor is a malicious software (malware) that has been used extensively in phishing campaigns to protect and deliver other malware. In the second half of 2023, AceCryptor was notably employed to package Rescoms malware for distribution across Central and Eastern Europe, with the aim of stealing