Malware-Traffic-Analysis.net - 2024-09-11: Data dump - Remcos RAT and XLoader (Formbook)

2024-09-11 (WEDNESDAY): DATA DUMP - REMCOS RAT AND XLOADER (FORMBOOK)

NOTES:

Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website.

ASSOCIATED FILES:

2024-09-11-files-from-Remcos-RAT-activity.zip 2.8 MB (2,776,986 bytes)

2024-09-11-IOCs-from-Remcos-RAT-activity.txt (1,065 bytes)

2024-09-11-Remcos-RAT-infection-traffic.pcap (11,459 bytes)

2024-09-11-malspam-1107-UTC.eml (1,258,120 bytes)

Inquiry no. 1051_pdf.exe (947,200 bytes)

Inquiry no. 1051_pdf.tar (902,482 bytes)

2024-09-11-files-from-XLoader-activity.zip 7.7 MB (7,742,595 bytes)

2024-09-11-IOCs-from-XLoader-activity.txt (2,404 bytes)

2024-09-11-XLoader-infection-traffic.pcap (8,102,453 bytes)

2024-09-11-malspam-1144-UTC.eml (912,026 bytes)

PO82107048.exe (685,568 bytes)

PO82107048.rar (661,541 bytes)

IMAGES

Shown above: Traffic from the Remcos RAT infection, filtered in Wireshark.

Shown above: Traffic from the XLoader (Formbook) infection, filtered in Wireshark.

Click here to return to the main page.