Technical analysis by the Malware Hunter JAMESWT
“Purchase order_2022” delivers the new RemcosRAT campaign. The email contains a RAR attachment. Inside there is an EXE: the malware itself, which starts the infection chain.
“Purchase order_2022” is the subject of an email that delivers a new RemcosRAT campaign.
The message's RAR attachment contains an executable file: the malware itself. If opened, it starts the infection chain. Remcos is a cybercrime Remote Access Trojan (RAT), associated above all with courier-themed phishing campaigns. It has a wide range of features, such as closely monitoring user activity, recording audio and video content, stealing credentials and digital currency, downloading additional payloads, and exfiltrating confidential data while avoiding detection and sandboxing.