Cybercrime: new RFQ-themed email delivers Remcos via Modiloader

A new RFQ-themed email delivers Remcos via Modiloader. The compressed attachment contains an exe file: the loader, which contacts a URL and downloads the final malware.

The email “REQUEST FOR QUOTATION Ref. # IRQ/21/08645398” is the bait of a new Remcos campaign via Modiloader (aka DBatLoader and NatsoLoader).

The compressed attachment contains an exe file: the loader, which contacts a URL and downloads the final malware. Remcos is a cybercrime Remote Access Trojan (RAT), mainly associated with courier-themed phishing campaigns. It has a wide range of functions, such as closely monitoring user activity, recording audio and video, capturing credentials, stealing digital currency, downloading additional payloads, and exfiltrating confidential data while evading detection and sandboxes.

Modiloader C2

Remcos C2
