The gz attachment of the “Payment Advice - Ref: [HSBC1057029141] /RFQ Priority Payment / Customer Ref: [PI10771QT90]” email contains an exe file: the malware.
Cybercrime, new email about an RFQ conveyed by Remcos via Modiloader
New email on an RFQ conveyed by Remcos via Modiloader. The compressed attachment contains an exe file: the loader, which contacts a URL and downloads the final malware.
The email “REQUEST FOR QUOTATION Ref. # IRQ/21/08645398” is the bait of a new Remcos campaign via Modiloader (aka DBatLoader and NatsoLoader).
The compressed attachment contains an exe file: the loader, which contacts a URL and downloads the final malware. Remcos is a cybercrime Remote Access Trojan (RAT), mainly associated with courier-themed phishing campaigns, with a wide range of functions such as closely monitoring user activity, recording audio and video, capturing credentials, stealing digital currency, downloading additional payloads, and exfiltrating confidential data while evading detection and sandboxes.
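The delivery pattern described above (a compressed attachment wrapping an executable loader) is the stage a mail gateway can catch before any URL is contacted. The following is an added example, not code from the original post or from any product it mentions: it opens a gz or zip attachment in memory and flags any member that starts with the PE `MZ` signature, judging by content rather than by the extension the sender chose. The sample attachments, the member names and the size cap are constructed for the demonstration.

```python
import gzip
import io
import zipfile

PE_MAGIC = b"MZ"                     # DOS header signature at the start of every Windows PE file
MAX_BYTES = 50 * 1024 * 1024          # assumed cap so a decompression bomb cannot exhaust memory


def _members(data: bytes):
    """Yield (name, content) for each file inside a gz or zip attachment.
    Anything that is not gz or zip is yielded as-is under the name '<raw>'."""
    if data[:2] == b"\x1f\x8b":                                   # gzip magic
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gf:
            yield "<gzip member>", gf.read(MAX_BYTES + 1)          # bounded read
    elif data[:2] == b"PK":                                        # zip local file header
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if info.file_size > MAX_BYTES:
                    # Oversized member: treat as executable-grade risk rather than read it
                    yield info.filename, PE_MAGIC
                    continue
                yield info.filename, zf.read(info)
    else:
        yield "<raw>", data


def find_executables(attachment: bytes) -> list[str]:
    """Names of members whose content is a PE executable, whatever their extension."""
    return [name for name, content in _members(attachment)
            if content[:2] == PE_MAGIC or len(content) > MAX_BYTES]


def should_quarantine(attachment: bytes) -> bool:
    """Gateway decision: hold the message if any archived member is an executable."""
    return bool(find_executables(attachment))


# --- constructed samples (not real malware) -------------------------------
FAKE_PE = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode."
SAMPLE_GZ = gzip.compress(FAKE_PE)                # exe hidden in a .gz, like the campaign above


def _build_zip(entries: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


SAMPLE_ZIP_CLEAN = _build_zip({"quotation.pdf": b"%PDF-1.4 constructed document"})
SAMPLE_ZIP_BAD = _build_zip({"quotation.pdf.exe": FAKE_PE,       # double extension, constructed
                             "readme.txt": b"plain text"})

if __name__ == "__main__":
    for label, blob in (("gz", SAMPLE_GZ),
                        ("zip clean", SAMPLE_ZIP_CLEAN),
                        ("zip bad", SAMPLE_ZIP_BAD)):
        print(f"{label:10} executables={find_executables(blob)} quarantine={should_quarantine(blob)}")
```

The check deliberately ignores the filename: a loader renamed to `.pdf` still begins with `MZ`, and a member that refuses to fit under the size cap is treated as hostile rather than inflated. Nested archives (a zip inside a gz) are left to a recursive pass that this example does not include.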