2018-07-07 Remcos Malspam

A quick write-up on this Remcos malspam. Some other previous entries that I have done aboutr Remcos can be found below: https://www.herbiez.com/?p=1106 https://www.herbiez.com/?p=1073 All the emails seem to come from the sender info@yusheng-wiremesh.com with the subject of “Returned Funds fort Invoice DFER4567 July Despatch.” The malspam also comes with an…

Continue reading

2018-04-21 “TOP URGENT//: REQUEST FOR QUOTAION” Malspam Leads To CVE-2017-11882/Possible Remcos Infection

Yesterday while looking for some malspam, I came across some emails that used the CVE-2017-11882 exploit which leveraged an AutoIT script to launch the Remcos keylogger process which used some anti-sandbox techniques as well. For some more information about the CVE, please see the following links: https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/ http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882 2018-02-17 REMCOS…

Continue reading