
Cybercrime, “Purchase order_2022” conveys the new RemcosRAT campaign

Technical analysis by the Malware Hunter JAMESWT

“Purchase order_2022” delivers the new RemcosRAT campaign. The email contains a RAR attachment. Inside is an EXE: the malware itself, which starts the infection chain.

“Purchase order_2022” is the subject of an email that delivers a new RemcosRAT campaign.

The message's RAR attachment contains an executable file: the malware itself. If opened, it starts the infection chain. Remcos is a cybercrime Remote Access Trojan (RAT), associated above all with courier-themed phishing campaigns. It has a wide range of features, such as closely monitoring user activities, recording audio and video content, stealing credentials and digital currency, downloading additional payloads, and exfiltrating confidential data while avoiding detection and sandboxing.

Malware C2
