
Cybercrime, new aggressive Remcos campaign via DHL

Technical analysis by the Malware Hunter JAMESWT

New aggressive Remcos campaign via DHL. Three different emails in one day with the same xls attachment: the malware itself. The file, if opened, activates the infection chain.

Remcos is hiding inside a fake DHL email about an alleged shipment.

The xls attachment is the malware itself and, if opened, activates the infection chain.

The campaign, however, is very aggressive. In just one day, three different emails arrived, each with a different notification number. The attached file, on the other hand, is always the same. Remcos is a Remote Access Trojan (RAT) used in cybercrime, with a wide range of features: closely monitoring user activity, recording audio and video content, acquiring credentials, stealing digital currency, downloading additional payloads and exfiltrating confidential data, all while avoiding detection and sandboxes.

Malware Samples

Remcos C2
