GoTo Meeting loads Remcos RAT via Rust Shellcode Loader
Tags
| country: | Russia |
| attack-pattern: | Data Direct Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Software - T1592.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | f25bb2be-935a-4521-a94c-2c13749bc797 |
| Fingerprint | 942e1d1ba76b8647 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 15, 2024, 8:49 a.m. |
| Added to db | Aug. 31, 2024, 3:17 a.m. |
| Last updated | Nov. 8, 2024, 9:35 a.m. |
| Headline | GoTo Meeting loads Remcos RAT via Rust Shellcode Loader |
| Title | GoTo Meeting loads Remcos RAT via Rust Shellcode Loader |
| Detected Hints/Tags/Attributes | 23/2/44 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 112 | ✔ | G Data SecurityBlog (english) | https://feeds.feedblitz.com/gdatasecurityblog-en | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | myrecentfiles23.zip |
|
| Details | Domain | 1 | dump.zip |
|
| Details | Domain | 3 | rar.zip |
|
| Details | Domain | 11 | rentry.co |
|
| Details | Domain | 5 | file2.zip |
|
| Details | Domain | 1 | store5.gofile.io |
|
| Details | Domain | 14 | documents.zip |
|
| Details | Domain | 1 | organizer.zip |
|
| Details | File | 1 | myrecentfiles23.zip |
|
| Details | File | 1 | mld.pdf |
|
| Details | File | 1 | winsys.odt |
|
| Details | File | 3 | g2m.dll |
|
| Details | File | 16 | data.bin |
|
| Details | File | 1 | speakeasy.exe |
|
| Details | File | 1 | dump.zip |
|
| Details | File | 12 | report.txt |
|
| Details | File | 1 | заявка_на_геоприборы.rar |
|
| Details | File | 1 | 10.js |
|
| Details | File | 5 | file2.zip |
|
| Details | File | 26 | run.bat |
|
| Details | File | 16 | utility.exe |
|
| Details | File | 1 | raw.ps1 |
|
| Details | File | 1 | setup_livetreams_onlyfan.zip |
|
| Details | File | 1 | leonardo_al2.zip |
|
| Details | File | 12 | documents.zip |
|
| Details | File | 1 | organizer.zip |
|
| Details | sha256 | 1 | db15a69d0ca99a99a6c6771ab9598bf8d93d29d036eff64f52dc262048bd8e39 |
|
| Details | sha256 | 1 | e8e73adc7ba9f04cc0e1e0f403730ff790a7ff463cda8aaca5cbb6305bb7878e |
|
| Details | sha256 | 1 | 796ea1d27ed5825e300c3c9505a87b2445886623235f3e41258de90ba1604cd5 |
|
| Details | sha256 | 1 | 93439fe9b45d7b6e9fcdc5e68fd47677ea17025e4eabb6f1468cb9ae98ee8a5b |
|
| Details | sha256 | 1 | 92fbfa17b4dd1c0353ef4d7bfb5649c3a916c4e2e58303538f83db65cc709b82 |
|
| Details | sha256 | 1 | 8e7eb07f9e6ff4d5e7db3dcf8bcbf909693cce12693a43c1ddd8b221cdf3a9e8 |
|
| Details | sha256 | 1 | 0f21a4ba2842f4d7f62fd2c2ca30cacf6aca7b8eaeb9d636c8b1c97ce925e46a |
|
| Details | sha256 | 1 | 0d7a1679cde49c8c43a7140166c7c5077a20b93ead7359704a48850a13d534e5 |
|
| Details | sha256 | 1 | 80fb32f8dbf88b78818f619e81a9fc12e3496e2f38a2a8b3a692752c53d38c4d |
|
| Details | sha256 | 1 | 4ef76b942e041c20fd58858d73b4180688c828608d42604eabf41821981ce997 |
|
| Details | sha256 | 1 | 70f551ccf085df38fec1bbe676814b1ce148a7320a3dfb89b85d975add56edb9 |
|
| Details | sha256 | 1 | 15afec306455f3fc70738c6efcb8bca161fda013a8ae4cc4b3a8147741d0cb46 |
|
| Details | sha256 | 1 | 00618af73c6963ea6e002a75c18eb2ea4e7e39b8aaf008e7cf3289c18d46a961 |
|
| Details | sha256 | 1 | d03d6785ca26c530dd3b43c9d75a576e2b1951523566b5de41aefdca1a9489a4 |
|
| Details | sha256 | 1 | 89ba909b743f9dee82f65586b62d258c2fd3992ed7367483f9754d9826912fe7 |
|
| Details | sha256 | 1 | 2cf4654964586aa6b4ce844121048e77881bcda3e7d6931e9608d41af3ee68da |
|
| Details | sha256 | 1 | b87676d267712ec64e015c7a1aa689cd951a581841db4208a758aa1c0b16b68f |
|
| Details | Url | 1 | https://store5.gofile.io/download/direct/d29b9954-3e20-4d08-ab01-41ed028faa14/file2 |